CVE-2025-38353
BaseFortify
Publication date: 2025-07-25
Last updated on: 2025-11-18
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-667 | The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's drm/xe component involves taking an invalid lock when the device wedges during operations such as GuC upload. When the device is wedged, submission is not enabled and the state is uninitialized. The vulnerability causes the kernel to attempt to take a lock improperly, leading to warnings and potential kernel instability. The fix protects the wedge call so that it does nothing if the device is in this wedged state, preventing the invalid lock attempt.
How can this vulnerability impact me? :
If exploited or triggered, this vulnerability can cause the Linux kernel to encounter warnings and potentially unstable behavior due to invalid locking. This can lead to device wedging, requiring recovery, and may cause system instability or crashes related to the drm/xe graphics component.