CVE-2025-38356
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-25

Last updated on: 2025-11-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Explicitly exit CT safe mode on unwind During driver probe we might be briefly using CT safe mode, which is based on a delayed work, but usually we are able to stop this once we have IRQ fully operational. However, if we abort the probe quite early then during unwind we might try to destroy the workqueue while there is still a pending delayed work that attempts to restart itself which triggers a WARN. This was recently observed during unsuccessful VF initialization: [ ] xe 0000:00:02.1: probe with driver xe failed with error -62 [ ] ------------[ cut here ]------------ [ ] workqueue: cannot queue safe_mode_worker_func [xe] on wq xe-g2h-wq [ ] WARNING: CPU: 9 PID: 0 at kernel/workqueue.c:2257 __queue_work+0x287/0x710 [ ] RIP: 0010:__queue_work+0x287/0x710 [ ] Call Trace: [ ] delayed_work_timer_fn+0x19/0x30 [ ] call_timer_fn+0xa1/0x2a0 Exit the CT safe mode on unwind to avoid that warning. (cherry picked from commit 2ddbb73ec20b98e70a5200cb85deade22ccea2ec)
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-25
Last Modified
2025-11-18
Generated
2026-05-07
AI Q&A
2025-07-25
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38356
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel 6.16
linux linux_kernel 6.16
linux linux_kernel 6.16
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's drm/xe/guc driver during the driver probe process. When the driver probe is aborted early, the system might still have a pending delayed work task (CT safe mode) that tries to restart itself while the workqueue is being destroyed. This leads to a warning and potential instability because the delayed work is queued on a workqueue that no longer exists. The fix explicitly exits CT safe mode during the unwind process to prevent this warning.


How can this vulnerability impact me? :

The vulnerability can cause warnings and potential instability in the Linux kernel when the drm/xe/guc driver probe fails early. This might affect system stability or driver functionality related to the graphics component using this driver, especially during initialization failures.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by observing kernel warning messages related to the drm/xe driver during device probe failures. Specifically, look for warnings such as 'workqueue: cannot queue safe_mode_worker_func [xe] on wq xe-g2h-wq' and kernel WARN messages referencing __queue_work and delayed_work_timer_fn in the system logs (e.g., dmesg). You can use the command 'dmesg | grep xe' or 'journalctl -k | grep xe' to find such warnings.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves updating the Linux kernel to a version that includes the fix which explicitly exits CT safe mode on unwind during driver probe. This prevents the warning and potential instability caused by destroying a workqueue with pending delayed work. Until the update is applied, monitoring for the warning messages and avoiding early aborts during VF initialization may help reduce exposure.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart