CVE-2025-38169
BaseFortify

Publication date: 2025-07-03

Last updated on: 2025-11-20

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP

On systems with SME, a thread's kernel FPSIMD state may be erroneously clobbered during a context switch immediately after that state is restored. Systems without SME are unaffected.

If the CPU happens to be in streaming SVE mode before a context switch to a thread with kernel FPSIMD state, fpsimd_thread_switch() will restore the kernel FPSIMD state using fpsimd_load_kernel_state() while the CPU is still in streaming SVE mode. When fpsimd_thread_switch() subsequently calls fpsimd_flush_cpu_state(), this will execute an SMSTOP, causing an exit from streaming SVE mode. The exit from streaming SVE mode will cause the hardware to reset a number of FPSIMD/SVE/SME registers, clobbering the FPSIMD state.

Fix this by calling fpsimd_flush_cpu_state() before restoring the kernel FPSIMD state.
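The ordering hazard above, as an added illustration that is not kernel code: a small constructed model of the CPU (a streaming-mode flag plus a few stand-in registers) in which the SMSTOP issued by the flush resets the registers, so restoring before flushing loses the saved state while flushing before restoring keeps it. The function names mirror the kernel's, but their bodies and the register count are assumptions of the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of the CVE-2025-38169 hazard; not the kernel's code. */
#define NREGS 4

struct cpu {
    bool streaming_sve;     /* models PSTATE.SM: CPU is in streaming SVE mode */
    uint64_t v[NREGS];      /* stand-in for the FPSIMD/SVE register file */
};

struct task {
    uint64_t kernel_fpsimd[NREGS];  /* the thread's saved kernel FPSIMD state */
};

/* Model of fpsimd_load_kernel_state(): restore saved state into the registers. */
static void load_kernel_state(struct cpu *c, const struct task *t)
{
    memcpy(c->v, t->kernel_fpsimd, sizeof c->v);
}

/* Model of fpsimd_flush_cpu_state(): if in streaming mode, issue SMSTOP.
 * Leaving streaming mode makes the hardware reset the vector registers
 * (modelled here as zeroing them). */
static void flush_cpu_state(struct cpu *c)
{
    if (c->streaming_sve) {
        c->streaming_sve = false;       /* SMSTOP */
        memset(c->v, 0, sizeof c->v);   /* registers reset on mode exit */
    }
}

/* Pre-fix order: restore first, then flush (SMSTOP lands after the restore). */
static void thread_switch_buggy(struct cpu *c, const struct task *next)
{
    load_kernel_state(c, next);
    flush_cpu_state(c);
}

/* Fixed order: flush first, then restore. */
static void thread_switch_fixed(struct cpu *c, const struct task *next)
{
    flush_cpu_state(c);
    load_kernel_state(c, next);
}

/* True if the registers hold the task's saved kernel state after a switch
 * that began with the CPU in streaming SVE mode. */
static bool state_survives_switch(bool fixed)
{
    struct cpu c = { .streaming_sve = true };   /* constructed starting state */
    struct task t;
    for (int i = 0; i < NREGS; i++)
        t.kernel_fpsimd[i] = 0x1000 + i;        /* constructed saved values */
    if (fixed) thread_switch_fixed(&c, &t); else thread_switch_buggy(&c, &t);
    return !c.streaming_sve && memcmp(c.v, t.kernel_fpsimd, sizeof c.v) == 0;
}
```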
Meta Information
Published: 2025-07-03
Last Modified: 2025-11-20
Generated: 2026-05-07
AI Q&A: 2025-07-03
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
CWE ID: NVD-CWE-noinfo
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel on systems with SME (Scalable Matrix Extension). When a thread's kernel FPSIMD (Floating Point and SIMD) state is restored during a context switch, if the CPU is in streaming SVE (Scalable Vector Extension) mode, the FPSIMD state can be clobbered due to the order of operations. Specifically, fpsimd_thread_switch() restores the FPSIMD state while still in streaming SVE mode, then calls fpsimd_flush_cpu_state(), which executes an SMSTOP instruction causing an exit from streaming SVE mode. This exit resets several FPSIMD/SVE/SME registers, corrupting the FPSIMD state. The fix involves calling fpsimd_flush_cpu_state() before restoring the FPSIMD state to prevent this clobbering.


How can this vulnerability impact me?

This vulnerability can cause the kernel FPSIMD state to be corrupted during context switches on systems with SME. This could lead to incorrect floating point or SIMD computations in kernel threads, potentially causing system instability, incorrect processing results, or crashes in affected workloads that rely on these CPU features.


What immediate steps should I take to mitigate this vulnerability?

Apply the Linux kernel update that includes the fix for this vulnerability, which ensures that fpsimd_flush_cpu_state() is called before restoring the kernel FPSIMD state to prevent clobbering. Systems without SME are unaffected, so mitigation is primarily through updating the kernel to a patched version.

