2376364 – (CVE-2025-38188) CVE-2025-38188 kernel: drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE

Bug 2376364 (CVE-2025-38188) - CVE-2025-38188 kernel: drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE

Summary: CVE-2025-38188 kernel: drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE

Keywords:
Status:	NEW
Alias:	CVE-2025-38188
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-07-04 14:01 UTC by OSIDB Bzimport
Modified:	2025-07-06 08:45 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-07-04 14:01:40 UTC

In the Linux kernel, the following vulnerability has been resolved:

drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE

Calling this packet is necessary when we switch contexts because there
are various pieces of state used by userspace to synchronize between BR
and BV that are persistent across submits and we need to make sure that
they are in a "safe" state when switching contexts. Otherwise a
userspace submission in one context could cause another context to
function incorrectly and hang, effectively a denial of service (although
without leaking data). This was missed during initial a7xx bringup.

Patchwork: https://patchwork.freedesktop.org/patch/654924/

Comment 1 Michal Findra 2025-07-06 08:43:26 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025070413-CVE-2025-38188-e0a5@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.