CVE-2025-38356

{"id": "CVE-2025-38356", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-07-25T13:15:24.353", "references": [{"url": "https://git.kernel.org/stable/c/6d0b588614c43d6334b2d7a70a99f31f7b14ecc0", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ad40098da5c3b43114d860a5b5740e7204158534", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f161e905b08ae8a513c5a36a10e3163e9920cfe6", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/guc: Explicitly exit CT safe mode on unwind\n\nDuring driver probe we might be briefly using CT safe mode, which\nis based on a delayed work, but usually we are able to stop this\nonce we have IRQ fully operational. However, if we abort the probe\nquite early then during unwind we might try to destroy the workqueue\nwhile there is still a pending delayed work that attempts to restart\nitself which triggers a WARN.\n\nThis was recently observed during unsuccessful VF initialization:\n\n [ ] xe 0000:00:02.1: probe with driver xe failed with error -62\n [ ] ------------[ cut here ]------------\n [ ] workqueue: cannot queue safe_mode_worker_func [xe] on wq xe-g2h-wq\n [ ] WARNING: CPU: 9 PID: 0 at kernel/workqueue.c:2257 __queue_work+0x287/0x710\n [ ] RIP: 0010:__queue_work+0x287/0x710\n [ ] Call Trace:\n [ ] delayed_work_timer_fn+0x19/0x30\n [ ] call_timer_fn+0xa1/0x2a0\n\nExit the CT safe mode on unwind to avoid that warning.\n\n(cherry picked from commit 2ddbb73ec20b98e70a5200cb85deade22ccea2ec)"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/xe/guc: Salida expl\u00edcita del modo seguro CT al desenrollar. Durante la prueba del controlador, podr\u00edamos usar brevemente el modo seguro CT, que se basa en un trabajo retrasado, pero normalmente podemos detenerlo una vez que IRQ est\u00e9 completamente operativo. Sin embargo, si cancelamos la prueba antes de tiempo, durante la desenrollaci\u00f3n podr\u00edamos intentar destruir la cola de trabajos mientras a\u00fan haya un trabajo retrasado pendiente que intenta reiniciarse, lo que activa una advertencia. Esto se observ\u00f3 recientemente durante una inicializaci\u00f3n de VF fallida: [ ] xe 0000:00:02.1: probe with driver xe failed with error -62 [ ] ------------[ cut here ]------------ [ ] workqueue: cannot queue safe_mode_worker_func [xe] on wq xe-g2h-wq [ ] WARNING: CPU: 9 PID: 0 at kernel/workqueue.c:2257 __queue_work+0x287/0x710 [ ] RIP: 0010:__queue_work+0x287/0x710 [ ] Call Trace: [ ] delayed_work_timer_fn+0x19/0x30 [ ] call_timer_fn+0xa1/0x2a0 Salga del modo seguro de CT al desenrollar para evitar esa advertencia. (seleccionado del commit 2ddbb73ec20b98e70a5200cb85deade22ccea2ec)"}], "lastModified": "2025-11-18T12:50:49.703", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE1FC310-514B-4D67-A65A-36DA37296733", "versionEndExcluding": "6.12.37", "versionStartIncluding": "6.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CC768E2-3BBC-4A6E-9C2F-ECB27A703C2D", "versionEndExcluding": "6.15.5", "versionStartIncluding": "6.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D4894DB-CCFE-4602-B1BF-3960B2E19A01"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09709862-E348-4378-8632-5A7813EDDC86"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "415BF58A-8197-43F5-B3D7-D1D63057A26E"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}