CVE-2025-38188
BaseFortify

Publication date: 2025-07-04

Last updated on: 2025-11-19

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE

Calling this packet is necessary when we switch contexts because there are various pieces of state used by userspace to synchronize between BR and BV that are persistent across submits and we need to make sure that they are in a "safe" state when switching contexts. Otherwise a userspace submission in one context could cause another context to function incorrectly and hang, effectively a denial of service (although without leaking data). This was missed during initial a7xx bringup.

Patchwork: https://patchwork.freedesktop.org/patch/654924/

Meta Information
Published: 2025-07-04
Last Modified: 2025-11-19
Generated: 2026-05-07
AI Q&A: 2025-07-04
EPSS Evaluated: 2026-05-05

Affected Vendors & Products
Showing 4 associated CPEs

Vendor | Product | Version / Range
linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc)
linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc)
linux | linux_kernel | 6.16
linux | linux_kernel | 6.16

CWE ID Description
CWE-NVD-CWE-noinfo
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the Linux kernel's drm/msm/a7xx driver occurs because the CP_RESET_CONTEXT_STATE packet was not called when switching contexts. This packet is necessary to reset various pieces of state used by userspace to synchronize between BR and BV. Without calling this reset, a userspace submission in one context could interfere with another context, causing it to function incorrectly and hang, resulting in a denial of service. No data leakage occurs.


How can this vulnerability impact me?

The vulnerability can cause a denial of service by making one context hang due to interference from another context's userspace submission. This means that affected systems could experience crashes or unresponsiveness in the graphics subsystem, impacting system stability and availability.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability does not involve data leakage or unauthorized access, so it does not directly affect compliance with standards and regulations such as GDPR or HIPAA.


What immediate steps should I take to mitigate this vulnerability?

Apply the patch that calls CP_RESET_CONTEXT_STATE when switching contexts in the drm/msm/a7xx driver of the Linux kernel. This patch ensures that the state used by userspace to synchronize between BR and BV is reset to a safe state, preventing denial of service due to context switching issues.

