{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-38188", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:23.992Z", "datePublished": "2025-07-04T13:37:13.761Z", "dateUpdated": "2025-07-04T13:37:13.761Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-07-04T13:37:13.761Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/a7xx: Call CP_RESET_CONTEXT_STATE\n\nCalling this packet is necessary when we switch contexts because there\nare various pieces of state used by userspace to synchronize between BR\nand BV that are persistent across submits and we need to make sure that\nthey are in a \"safe\" state when switching contexts. Otherwise a\nuserspace submission in one context could cause another context to\nfunction incorrectly and hang, effectively a denial of service (although\nwithout leaking data). This was missed during initial a7xx bringup.\n\nPatchwork: https://patchwork.freedesktop.org/patch/654924/"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/msm/adreno/a6xx_gpu.c"], "versions": [{"version": "af66706accdf5afef45204afc87037f876e0665c", "lessThan": "8a1f52651dd8203695d293c6824d8f6c067877d1", "status": "affected", "versionType": "git"}, {"version": "af66706accdf5afef45204afc87037f876e0665c", "lessThan": "35fe72f3c425bbf1d580bd9066e2456b1dbae4a8", "status": "affected", "versionType": "git"}, {"version": "af66706accdf5afef45204afc87037f876e0665c", "lessThan": "2b520c6104f34e3a548525173c38ebca4402cac3", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/msm/adreno/a6xx_gpu.c"], "versions": [{"version": "6.7", "status": "affected"}, {"version": "0", "lessThan": "6.7", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.35", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.15.4", "lessThanOrEqual": "6.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16-rc3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.12.35"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.15.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.16-rc3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/8a1f52651dd8203695d293c6824d8f6c067877d1"}, {"url": "https://git.kernel.org/stable/c/35fe72f3c425bbf1d580bd9066e2456b1dbae4a8"}, {"url": "https://git.kernel.org/stable/c/2b520c6104f34e3a548525173c38ebca4402cac3"}], "title": "drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/a7xx: Call CP_RESET_CONTEXT_STATE\n\nCalling this packet is necessary when we switch contexts because there\nare various pieces of state used by userspace to synchronize between BR\nand BV that are persistent across submits and we need to make sure that\nthey are in a \"safe\" state when switching contexts. Otherwise a\nuserspace submission in one context could cause another context to\nfunction incorrectly and hang, effectively a denial of service (although\nwithout leaking data). This was missed during initial a7xx bringup.\n\nPatchwork: https://patchwork.freedesktop.org/patch/654924/"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/msm/a7xx: Llamada a CP_RESET_CONTEXT_STATE. Llamar a este paquete es necesario al cambiar de contexto, ya que el espacio de usuario utiliza varios fragmentos de estado para sincronizar entre BR y BV que son persistentes entre env\u00edos, y debemos asegurarnos de que est\u00e9n en un estado seguro al cambiar de contexto. De lo contrario, un env\u00edo del espacio de usuario en un contexto podr\u00eda provocar que otro contexto funcione incorrectamente y se cuelgue, lo que constituye una denegaci\u00f3n de servicio (aunque sin fugas de datos). Esto se pas\u00f3 por alto durante la activaci\u00f3n inicial de a7xx. Patchwork: https://patchwork.freedesktop.org/patch/654924/"}], "id": "CVE-2025-38188", "lastModified": "2025-07-08T16:18:53.607", "metrics": {}, "published": "2025-07-04T14:15:25.760", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2b520c6104f34e3a548525173c38ebca4402cac3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/35fe72f3c425bbf1d580bd9066e2456b1dbae4a8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8a1f52651dd8203695d293c6824d8f6c067877d1"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE", "id": "2376364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376364"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/msm/a7xx: Call CP_RESET_CONTEXT_STATE\nCalling this packet is necessary when we switch contexts because there\nare various pieces of state used by userspace to synchronize between BR\nand BV that are persistent across submits and we need to make sure that\nthey are in a \"safe\" state when switching contexts. Otherwise a\nuserspace submission in one context could cause another context to\nfunction incorrectly and hang, effectively a denial of service (although\nwithout leaking data). This was missed during initial a7xx bringup.\nPatchwork: https://patchwork.freedesktop.org/patch/654924/"], "name": "CVE-2025-38188", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-07-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-38188\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38188\nhttps://lore.kernel.org/linux-cve-announce/2025070413-CVE-2025-38188-e0a5@gregkh/T"], "threat_severity": "Moderate"}