{"id":"CVE-2025-38371","summary":"drm/v3d: Disable interrupts before resetting the GPU","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Disable interrupts before resetting the GPU\n\nCurrently, an interrupt can be triggered during a GPU reset, which can\nlead to GPU hangs and NULL pointer dereference in an interrupt context\nas shown in the following trace:\n\n [  314.035040] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0\n [  314.043822] Mem abort info:\n [  314.046606]   ESR = 0x0000000096000005\n [  314.050347]   EC = 0x25: DABT (current EL), IL = 32 bits\n [  314.055651]   SET = 0, FnV = 0\n [  314.058695]   EA = 0, S1PTW = 0\n [  314.061826]   FSC = 0x05: level 1 translation fault\n [  314.066694] Data abort info:\n [  314.069564]   ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n [  314.075039]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n [  314.080080]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n [  314.085382] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000102728000\n [  314.091814] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n [  314.100511] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n [  314.106770] Modules linked in: v3d i2c_brcmstb vc4 snd_soc_hdmi_codec gpu_sched drm_shmem_helper drm_display_helper cec drm_dma_helper drm_kms_helper drm drm_panel_orientation_quirks snd_soc_core snd_compress snd_pcm_dmaengine snd_pcm snd_timer snd backlight\n [  314.129654] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.25+rpt-rpi-v8 #1  Debian 1:6.12.25-1+rpt1\n [  314.139388] Hardware name: Raspberry Pi 4 Model B Rev 1.4 (DT)\n [  314.145211] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n [  314.152165] pc : v3d_irq+0xec/0x2e0 [v3d]\n [  314.156187] lr : v3d_irq+0xe0/0x2e0 [v3d]\n [  314.160198] sp : ffffffc080003ea0\n [  314.163502] x29: ffffffc080003ea0 x28: ffffffec1f184980 x27: 021202b000000000\n [  314.170633] x26: ffffffec1f17f630 x25: ffffff8101372000 x24: ffffffec1f17d9f0\n [  314.177764] x23: 000000000000002a x22: 000000000000002a x21: ffffff8103252000\n [  314.184895] x20: 0000000000000001 x19: 00000000deadbeef x18: 0000000000000000\n [  314.192026] x17: ffffff94e51d2000 x16: ffffffec1dac3cb0 x15: c306000000000000\n [  314.199156] x14: 0000000000000000 x13: b2fc982e03cc5168 x12: 0000000000000001\n [  314.206286] x11: ffffff8103f8bcc0 x10: ffffffec1f196868 x9 : ffffffec1dac3874\n [  314.213416] x8 : 0000000000000000 x7 : 0000000000042a3a x6 : ffffff810017a180\n [  314.220547] x5 : ffffffec1ebad400 x4 : ffffffec1ebad320 x3 : 00000000000bebeb\n [  314.227677] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\n [  314.234807] Call trace:\n [  314.237243]  v3d_irq+0xec/0x2e0 [v3d]\n [  314.240906]  __handle_irq_event_percpu+0x58/0x218\n [  314.245609]  handle_irq_event+0x54/0xb8\n [  314.249439]  handle_fasteoi_irq+0xac/0x240\n [  314.253527]  handle_irq_desc+0x48/0x68\n [  314.257269]  generic_handle_domain_irq+0x24/0x38\n [  314.261879]  gic_handle_irq+0x48/0xd8\n [  314.265533]  call_on_irq_stack+0x24/0x58\n [  314.269448]  do_interrupt_handler+0x88/0x98\n [  314.273624]  el1_interrupt+0x34/0x68\n [  314.277193]  el1h_64_irq_handler+0x18/0x28\n [  314.281281]  el1h_64_irq+0x64/0x68\n [  314.284673]  default_idle_call+0x3c/0x168\n [  314.288675]  do_idle+0x1fc/0x230\n [  314.291895]  cpu_startup_entry+0x3c/0x50\n [  314.295810]  rest_init+0xe4/0xf0\n [  314.299030]  start_kernel+0x5e8/0x790\n [  314.302684]  __primary_switched+0x80/0x90\n [  314.306691] Code: 940029eb 360ffc13 f9442ea0 52800001 (f9406017)\n [  314.312775] ---[ end trace 0000000000000000 ]---\n [  314.317384] Kernel panic - not syncing: Oops: Fatal exception in interrupt\n [  314.324249] SMP: stopping secondary CPUs\n [  314.328167] Kernel Offset: 0x2b9da00000 from 0xffffffc080000000\n [  314.334076] PHYS_OFFSET: 0x0\n [  314.336946] CPU features: 0x08,00002013,c0200000,0200421b\n [  314.342337] Memory Limit: none\n [  314.345382] ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---\n\nBefore resetting the G\n---truncated---","modified":"2026-04-02T12:47:57.315182Z","published":"2025-07-25T12:53:14.292Z","related":["MGASA-2025-0218","MGASA-2025-0219","SUSE-SU-2025:02853-1","SUSE-SU-2025:02923-1","SUSE-SU-2025:02969-1","SUSE-SU-2025:02996-1","SUSE-SU-2025:02997-1","SUSE-SU-2025:03011-1","SUSE-SU-2025:03023-1","SUSE-SU-2025:20577-1","SUSE-SU-2025:20586-1","SUSE-SU-2025:20601-1","SUSE-SU-2025:20602-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","openSUSE-SU-2025:20081-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38371.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/226862f50a7a88e4e4de9abbf36c64d19acd6fd0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2446e25e9246e0642a41d91cbf54c33b275da3c3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/387da3b6d1a90e3210bc9a7fb56703bdad2ac18a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/576a6739e08ac06c67f2916f71204557232388b0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9ff95ed0371aec4d9617e478e9c69cde86cd7c38"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b9c403d1236cecb10dd0246a30d81e4b265f8e8d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c8851a6ab19d9f390677c42a3cc01ff9b2eb6241"},{"type":"WEB","url":"https://git.kernel.org/stable/c/dc805c927cd832bb8f790b756880ae6c769d5fbc"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38371.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38371"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"57692c94dcbe99a1e0444409a3da13fb3443562c"},{"fixed":"b9c403d1236cecb10dd0246a30d81e4b265f8e8d"},{"fixed":"2446e25e9246e0642a41d91cbf54c33b275da3c3"},{"fixed":"576a6739e08ac06c67f2916f71204557232388b0"},{"fixed":"c8851a6ab19d9f390677c42a3cc01ff9b2eb6241"},{"fixed":"387da3b6d1a90e3210bc9a7fb56703bdad2ac18a"},{"fixed":"9ff95ed0371aec4d9617e478e9c69cde86cd7c38"},{"fixed":"dc805c927cd832bb8f790b756880ae6c769d5fbc"},{"fixed":"226862f50a7a88e4e4de9abbf36c64d19acd6fd0"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38371.json"}}],"schema_version":"1.7.5"}