Description
In the Linux kernel, the following vulnerability has been resolved:

pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu

For i.MX8MQ platform, the ADB in the VPUMIX domain has no separate reset
and clock enable bits, but is ungated and reset together with the VPUs.
So we can't reset G1 or G2 separately, it may led to the system hang.
Remove rst_mask and clk_mask of imx8mq_vpu_blk_ctl_domain_data.
Let imx8mq_vpu_power_notifier() do really vpu reset.
Published: 2026-02-14
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (System Hang)
Action: Apply Patch
AI Analysis

Impact

In the i.MX8MQ platform, the ADB component of the VPUMIX domain lacks individual reset and clock enable bits. Consequently, the VPU can only be reset together with other VPUs, preventing separate reset of G1 or G2. This misconfiguration can cause a system hang, effectively denying service to the affected device.

Affected Systems

The flaw affects the Linux kernel on i.MX8MQ devices, specifically the Linux kernel 6.19 release candidates rc1 through rc6, as indicated by the associated CPE entries.

Risk and Exploitability

The CVSS score is 5.5, indicating moderate risk, while the EPSS score is below 1%, suggesting a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Attack likely requires local kernel access or physical presence to trigger the incorrect reset logic, but can result in a full system hang if exploited.

Generated by OpenCVE AI on April 17, 2026 at 19:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch that removes the separate reset and clock mask entries for the i.MX8MQ VPU domain, ensuring that reset operations are handled by the power notifier rather than the flawed control structure.
  • Upgrade the system to a Linux kernel release that includes this patch, such as any version newer than 6.19 rc6 where the change is incorporated.
  • If an immediate kernel upgrade is not possible, perform a system reboot to reset the VPU and temporarily prevent the hang until the proper patch can be applied.

Generated by OpenCVE AI on April 17, 2026 at 19:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1181
CWE-295

Wed, 18 Mar 2026 13:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Mon, 16 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Important

Sat, 14 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu For i.MX8MQ platform, the ADB in the VPUMIX domain has no separate reset and clock enable bits, but is ungated and reset together with the VPUs. So we can't reset G1 or G2 separately, it may led to the system hang. Remove rst_mask and clk_mask of imx8mq_vpu_blk_ctl_domain_data. Let imx8mq_vpu_power_notifier() do really vpu reset.
Title pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-14T15:09:48.511Z

Reserved: 2026-01-13T15:37:45.969Z

Link: CVE-2026-23116

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-02-14T15:16:06.713

Modified: 2026-03-18T13:40:31.990

Link: CVE-2026-23116

cve-icon Redhat

Severity : Important

Publid Date: 2026-02-14T00:00:00Z

Links: CVE-2026-23116 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T19:45:25Z

Weaknesses