-

CVE-2025-38354

In the Linux kernel, the following vulnerability has been resolved:

drm/msm/gpu: Fix crash when throttling GPU immediately during boot

There is a small chance that the GPU is already hot during boot. In that
case, the call to of_devfreq_cooling_register() will immediately try to
apply devfreq cooling, as seen in the following crash:

  Unable to handle kernel paging request at virtual address 0000000000014110
  pc : a6xx_gpu_busy+0x1c/0x58 [msm]
  lr : msm_devfreq_get_dev_status+0xbc/0x140 [msm]
  Call trace:
   a6xx_gpu_busy+0x1c/0x58 [msm] (P)
   devfreq_simple_ondemand_func+0x3c/0x150
   devfreq_update_target+0x44/0xd8
   qos_max_notifier_call+0x30/0x84
   blocking_notifier_call_chain+0x6c/0xa0
   pm_qos_update_target+0xd0/0x110
   freq_qos_apply+0x3c/0x74
   apply_constraint+0x88/0x148
   __dev_pm_qos_update_request+0x7c/0xcc
   dev_pm_qos_update_request+0x38/0x5c
   devfreq_cooling_set_cur_state+0x98/0xf0
   __thermal_cdev_update+0x64/0xb4
   thermal_cdev_update+0x4c/0x58
   step_wise_manage+0x1f0/0x318
   __thermal_zone_device_update+0x278/0x424
   __thermal_cooling_device_register+0x2bc/0x308
   thermal_of_cooling_device_register+0x10/0x1c
   of_devfreq_cooling_register_power+0x240/0x2bc
   of_devfreq_cooling_register+0x14/0x20
   msm_devfreq_init+0xc4/0x1a0 [msm]
   msm_gpu_init+0x304/0x574 [msm]
   adreno_gpu_init+0x1c4/0x2e0 [msm]
   a6xx_gpu_init+0x5c8/0x9c8 [msm]
   adreno_bind+0x2a8/0x33c [msm]
   ...

At this point we haven't initialized the GMU at all yet, so we cannot read
the GMU registers inside a6xx_gpu_busy(). A similar issue was fixed before
in commit 6694482a70e9 ("drm/msm: Avoid unclocked GMU register access in
6xx gpu_busy"): msm_devfreq_init() does call devfreq_suspend_device(), but
unlike msm_devfreq_suspend(), it doesn't set the df->suspended flag
accordingly. This means the df->suspended flag does not match the actual
devfreq state after initialization and msm_devfreq_get_dev_status() will
end up accessing GMU registers, causing the crash.

Fix this by setting df->suspended correctly during initialization.

Patchwork: https://patchwork.freedesktop.org/patch/650772/

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < ae2015b0dbc0eea7aaf022194371f451f784d994
Version 6694482a70e9536efbf2ac233cbf0c302d6e2dae
Status affected
Version < 7946a10f8da75abc494e4bb80243e153e93e459a
Version 6694482a70e9536efbf2ac233cbf0c302d6e2dae
Status affected
Version < 1847ea44e3bdf7da8ff4158bc01b43a2e46394bd
Version 6694482a70e9536efbf2ac233cbf0c302d6e2dae
Status affected
Version < a6f673cc9488fd722c601fe020601dba14db21b2
Version 6694482a70e9536efbf2ac233cbf0c302d6e2dae
Status affected
Version < b71717735be48d7743a34897e9e44a0b53e30c0e
Version 6694482a70e9536efbf2ac233cbf0c302d6e2dae
Status affected
Version 1f6c087dd6a915f1c3471f0f0f696847fc8c592f
Status affected
Version 9c8b3f05fb18fba12f3fca80a378c9b8f3d04cd6
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 6.0
Status affected
Version < 6.0
Version 0
Status unaffected
Version <= 6.1.*
Version 6.1.143
Status unaffected
Version <= 6.6.*
Version 6.6.96
Status unaffected
Version <= 6.12.*
Version 6.12.36
Status unaffected
Version <= 6.15.*
Version 6.15.5
Status unaffected
Version <= *
Version 6.16
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.061
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String