Impact
The Spacemit CCU mixer driver in the Linux kernel contains an inverted conditional statement within the function ccu_mix_trigger_fc() that causes the frequency change trigger to be skipped during CPU frequency scaling. When the kernel attempts to adjust the CPU frequency, this omission leads to a kernel panic, resulting in a loss of system availability. The flaw does not provide direct code execution or privilege escalation. Instead, the impact is limited to a crash of the kernel that can be exploited to cause a denial‑of‑service condition or to disrupt operations.
Affected Systems
All Linux kernel installations that include the Spacemit CCU mixer driver are affected. This encompasses standard mainline builds as well as any custom kernels that contain the relevant source code. The vulnerability is present in the code before the recent commit that addresses the inverted condition, so any kernel version without that patch is susceptible.
Risk and Exploitability
The EPSS score is reported as less than 1%, indicating a very low probability that this vulnerability will be exploited in the wild. It is not listed in the CISA KEV catalog, and no CVSS score is provided in the public record. The likely attack vector is local, requiring access to trigger CPU frequency scaling on the target system. Although the panic can abruptly, making timely patching advisory.
OpenCVE Enrichment