CVE-2025-38169

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP On system with SME, a thread's kernel FPSIMD state may be erroneously clobbered during a context switch immediately after that state is restored. Systems without SME are unaffected. If the CPU happens to be in streaming SVE mode before a context switch to a thread with kernel FPSIMD state, fpsimd_thread_switch() will restore the kernel FPSIMD state using fpsimd_load_kernel_state() while the CPU is still in streaming SVE mode. When fpsimd_thread_switch() subsequently calls fpsimd_flush_cpu_state(), this will execute an SMSTOP, causing an exit from streaming SVE mode. The exit from streaming SVE mode will cause the hardware to reset a number of FPSIMD/SVE/SME registers, clobbering the FPSIMD state. Fix this by calling fpsimd_flush_cpu_state() before restoring the kernel FPSIMD state.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/01098d893fa8a6edb2b56e178b798e3e6b674f02	Patch
https://git.kernel.org/stable/c/55d52af498daea75aa03ba9b7e444c8ae495ac20	Patch
https://git.kernel.org/stable/c/a305821f597ec943849d3e53924adb88c61ed682	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2025-07-03 09:15

Updated : 2025-11-20 19:28

NVD link : CVE-2025-38169

Mitre link : CVE-2025-38169

CVE.ORG link : CVE-2025-38169

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2025-38169", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-07-03T09:15:32.517", "references": [{"url": "https://git.kernel.org/stable/c/01098d893fa8a6edb2b56e178b798e3e6b674f02", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/55d52af498daea75aa03ba9b7e444c8ae495ac20", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a305821f597ec943849d3e53924adb88c61ed682", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP\n\nOn system with SME, a thread's kernel FPSIMD state may be erroneously\nclobbered during a context switch immediately after that state is\nrestored. Systems without SME are unaffected.\n\nIf the CPU happens to be in streaming SVE mode before a context switch\nto a thread with kernel FPSIMD state, fpsimd_thread_switch() will\nrestore the kernel FPSIMD state using fpsimd_load_kernel_state() while\nthe CPU is still in streaming SVE mode. When fpsimd_thread_switch()\nsubsequently calls fpsimd_flush_cpu_state(), this will execute an\nSMSTOP, causing an exit from streaming SVE mode. The exit from\nstreaming SVE mode will cause the hardware to reset a number of\nFPSIMD/SVE/SME registers, clobbering the FPSIMD state.\n\nFix this by calling fpsimd_flush_cpu_state() before restoring the kernel\nFPSIMD state."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arm64/fpsimd: Evite afectar negativamente al estado FPSIMD del kernel con SMSTOP En sistemas con SMSTOP, el estado FPSIMD del kernel de un subproceso puede verse afectado negativamente durante un cambio de contexto inmediatamente despu\u00e9s de restaurarse dicho estado. Los sistemas sin SMSTOP no se ven afectados. Si la CPU est\u00e1 en modo SVE de transmisi\u00f3n antes de un cambio de contexto a un subproceso con estado FPSIMD del kernel, fpsimd_thread_switch() restaurar\u00e1 el estado FPSIMD del kernel mediante fpsimd_load_kernel_state() mientras la CPU sigue en modo SVE de transmisi\u00f3n. Cuando fpsimd_thread_switch() llama posteriormente a fpsimd_flush_cpu_state(), se ejecutar\u00e1 un SMSTOP, lo que provocar\u00e1 la salida del modo SVE de transmisi\u00f3n. La salida del modo SVE de transmisi\u00f3n provocar\u00e1 que el hardware restablezca varios registros FPSIMD/SVE/SME, afectando negativamente al estado FPSIMD. Solucione esto llamando a fpsimd_flush_cpu_state() antes de restaurar el estado FPSIMD del kernel."}], "lastModified": "2025-11-20T19:28:15.673", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2D25EF8-8B93-4187-9555-F83C6F1ECA47", "versionEndExcluding": "6.9", "versionStartIncluding": "6.8.12"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "905725D5-81AB-4E66-B474-D520C73FD7E8", "versionEndExcluding": "6.12.34", "versionStartIncluding": "6.9.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0541C761-BD5E-4C1A-8432-83B375D7EB92", "versionEndExcluding": "6.15.3", "versionStartIncluding": "6.13"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}