CVE-2025-38521

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fix kernel crash when hard resetting the GPU The GPU hard reset sequence calls pm_runtime_force_suspend() and pm_runtime_force_resume(), which according to their documentation should only be used during system-wide PM transitions to sleep states. The main issue though is that depending on some internal runtime PM state as seen by pm_runtime_force_suspend() (whether the usage count is <= 1), pm_runtime_force_resume() might not resume the device unless needed. If that happens, the runtime PM resume callback pvr_power_device_resume() is not called, the GPU clocks are not re-enabled, and the kernel crashes on the next attempt to access GPU registers as part of the power-on sequence. Replace calls to pm_runtime_force_suspend() and pm_runtime_force_resume() with direct calls to the driver's runtime PM callbacks, pvr_power_device_suspend() and pvr_power_device_resume(), to ensure clocks are re-enabled and avoid the kernel crash.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/9f852d301f642223c4798f3c13ba15e91165d078	Patch
https://git.kernel.org/stable/c/d38376b3ee48d073c64e75e150510d7e6b4b04f7	Patch
https://git.kernel.org/stable/c/e066cc6e0f094ca2120f1928d126d56f686cd73e	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc5::::::

History

No history.

Information

Published : 2025-08-16 11:15

Updated : 2026-01-22 18:38

NVD link : CVE-2025-38521

Mitre link : CVE-2025-38521

CVE.ORG link : CVE-2025-38521

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-668

Exposure of Resource to Wrong Sphere

{"id": "CVE-2025-38521", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2025-08-16T11:15:45.413", "references": [{"url": "https://git.kernel.org/stable/c/9f852d301f642223c4798f3c13ba15e91165d078", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d38376b3ee48d073c64e75e150510d7e6b4b04f7", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e066cc6e0f094ca2120f1928d126d56f686cd73e", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-668"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imagination: Fix kernel crash when hard resetting the GPU\n\nThe GPU hard reset sequence calls pm_runtime_force_suspend() and\npm_runtime_force_resume(), which according to their documentation should\nonly be used during system-wide PM transitions to sleep states.\n\nThe main issue though is that depending on some internal runtime PM\nstate as seen by pm_runtime_force_suspend() (whether the usage count is\n<= 1), pm_runtime_force_resume() might not resume the device unless\nneeded. If that happens, the runtime PM resume callback\npvr_power_device_resume() is not called, the GPU clocks are not\nre-enabled, and the kernel crashes on the next attempt to access GPU\nregisters as part of the power-on sequence.\n\nReplace calls to pm_runtime_force_suspend() and\npm_runtime_force_resume() with direct calls to the driver's runtime PM\ncallbacks, pvr_power_device_suspend() and pvr_power_device_resume(),\nto ensure clocks are re-enabled and avoid the kernel crash."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/imagination: Se corrige el fallo del kernel al reiniciar la GPU La secuencia de reinicio completo de la GPU llama a pm_runtime_force_suspend() y pm_runtime_force_resume(), que seg\u00fan su documentaci\u00f3n solo se deben usar durante las transiciones de PM de todo el sistema a estados de suspensi\u00f3n. Sin embargo, el problema principal es que, dependiendo de alg\u00fan estado interno de PM en tiempo de ejecuci\u00f3n, como se ve en pm_runtime_force_suspend() (si el recuento de uso es <= 1), pm_runtime_force_resume() podr\u00eda no reanudar el dispositivo a menos que sea necesario. Si eso sucede, no se llama a la devoluci\u00f3n de llamada de reanudaci\u00f3n de PM en tiempo de ejecuci\u00f3n pvr_power_device_resume(), no se vuelven a habilitar los relojes de la GPU y el kernel se bloquea en el siguiente intento de acceder a los registros de la GPU como parte de la secuencia de encendido. Reemplace las llamadas a pm_runtime_force_suspend() y pm_runtime_force_resume() con llamadas directas a las devoluciones de llamadas PM de tiempo de ejecuci\u00f3n del controlador, pvr_power_device_suspend() y pvr_power_device_resume(), para garantizar que los relojes se vuelvan a habilitar y evitar el bloqueo del kernel."}], "lastModified": "2026-01-22T18:38:56.827", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10807776-5E00-40EF-A71B-8298F5EF80E3", "versionEndExcluding": "6.12.39", "versionStartIncluding": "6.8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9C46937-5FA9-4335-AD7B-E7FC29453CE1", "versionEndExcluding": "6.15.7", "versionStartIncluding": "6.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D4894DB-CCFE-4602-B1BF-3960B2E19A01"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09709862-E348-4378-8632-5A7813EDDC86"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "415BF58A-8197-43F5-B3D7-D1D63057A26E"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0517869-312D-4429-80C2-561086E1421C"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85421F4E-C863-4ABF-B4B4-E887CC2F7F92"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}