CVE-2025-38038
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-06-18

Last updated on: 2025-11-14

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost set_boost is a per-policy function call, hence a driver wide lock is unnecessary. Also this mutex_acquire can collide with the mutex_acquire from the mode-switch path in status_store(), which can lead to a deadlock. So, remove it.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-18
Last Modified
2025-11-14
Generated
2026-05-06
AI Q&A
2025-06-18
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38038
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves the Linux kernel's amd-pstate driver where an unnecessary driver-wide lock (driver_lock) was used in the set_boost function. The set_boost function is called per-policy, so holding a driver-wide lock is not needed. Moreover, acquiring this lock could collide with another lock acquisition in the mode-switch path (status_store()), potentially causing a deadlock. The fix removes this unnecessary lock to prevent such deadlocks.


How can this vulnerability impact me? :

This vulnerability can lead to a deadlock situation in the Linux kernel's amd-pstate driver, which may cause the system or affected processes to hang or become unresponsive when the set_boost function and mode-switch path locks collide.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart