CVE-2025-40108: 
Linux Ubuntu vulnerability analysis and mitigation

A vulnerability in the Linux kernel's serial driver for Qualcomm Geni platforms was identified and resolved in November 2025. The issue was introduced by commit 1afa70632c39 which enabled PM runtime for the serial driver, causing system hangs on Qualcomm RB1 board (QRB2210) devices (Debian Tracker).

The vulnerability manifested as a task blocking issue where the kernel worker process would become unresponsive for extended periods (more than 42 seconds). This occurred specifically on the Qualcomm RB1 board (QRB2210) running kernel version 6.17.0-rc1, preventing normal serial operation during boot. The issue was triggered by the PM runtime functionality in the qcom-geni serial driver (Debian Tracker).

The vulnerability rendered the serial interface completely unusable during normal boot operations on affected Qualcomm platforms. This resulted in system hangs and blocked worker tasks, potentially affecting system stability and functionality (Debian Tracker).

The issue was resolved by reverting two commits: 1afa70632c39 ("serial: qcom-geni: Enable PM runtime for serial driver") and its dependent commit 86fa39dd6fb7 ("serial: qcom-geni: Enable Serial on SA8255p Qualcomm platforms"). Multiple Linux distributions have released fixed versions, including Debian Bullseye (5.10.244-1), Bookworm (6.1.158-1), Trixie (6.12.48-1), and Sid (6.17.8-1) (Debian Tracker).