{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-38169", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:23.991Z", "datePublished": "2025-07-03T08:36:08.393Z", "dateUpdated": "2026-05-23T15:59:10.475Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-23T15:59:10.475Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP\n\nOn system with SME, a thread's kernel FPSIMD state may be erroneously\nclobbered during a context switch immediately after that state is\nrestored. Systems without SME are unaffected.\n\nIf the CPU happens to be in streaming SVE mode before a context switch\nto a thread with kernel FPSIMD state, fpsimd_thread_switch() will\nrestore the kernel FPSIMD state using fpsimd_load_kernel_state() while\nthe CPU is still in streaming SVE mode. When fpsimd_thread_switch()\nsubsequently calls fpsimd_flush_cpu_state(), this will execute an\nSMSTOP, causing an exit from streaming SVE mode. The exit from\nstreaming SVE mode will cause the hardware to reset a number of\nFPSIMD/SVE/SME registers, clobbering the FPSIMD state.\n\nFix this by calling fpsimd_flush_cpu_state() before restoring the kernel\nFPSIMD state."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/arm64/kernel/fpsimd.c"], "versions": [{"version": "e92bee9f861b466c676f0200be3e46af7bc4ac6b", "lessThan": "55d52af498daea75aa03ba9b7e444c8ae495ac20", "status": "affected", "versionType": "git"}, {"version": "e92bee9f861b466c676f0200be3e46af7bc4ac6b", "lessThan": "a305821f597ec943849d3e53924adb88c61ed682", "status": "affected", "versionType": "git"}, {"version": "e92bee9f861b466c676f0200be3e46af7bc4ac6b", "lessThan": "01098d893fa8a6edb2b56e178b798e3e6b674f02", "status": "affected", "versionType": "git"}, {"version": "e003c485ac82a9f8de4204912ed059ac6dd4257c", "status": "affected", "versionType": "git"}, {"version": "25b90cd122d546823da90b916f7c3289dfe83a99", "status": "affected", "versionType": "git"}, {"version": "6.8.12", "lessThan": "6.9", "status": "affected", "versionType": "semver"}, {"version": "6.9.3", "lessThan": "6.10", "status": "affected", "versionType": "semver"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/arm64/kernel/fpsimd.c"], "versions": [{"version": "6.10", "status": "affected"}, {"version": "0", "lessThan": "6.10", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.34", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.15.3", "lessThanOrEqual": "6.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.10", "versionEndExcluding": "6.12.34"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.10", "versionEndExcluding": "6.15.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.10", "versionEndExcluding": "6.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8.12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9.3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/55d52af498daea75aa03ba9b7e444c8ae495ac20"}, {"url": "https://git.kernel.org/stable/c/a305821f597ec943849d3e53924adb88c61ed682"}, {"url": "https://git.kernel.org/stable/c/01098d893fa8a6edb2b56e178b798e3e6b674f02"}], "title": "arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2D25EF8-8B93-4187-9555-F83C6F1ECA47", "versionEndExcluding": "6.9", "versionStartIncluding": "6.8.12", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "905725D5-81AB-4E66-B474-D520C73FD7E8", "versionEndExcluding": "6.12.34", "versionStartIncluding": "6.9.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0541C761-BD5E-4C1A-8432-83B375D7EB92", "versionEndExcluding": "6.15.3", "versionStartIncluding": "6.13", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP\n\nOn system with SME, a thread's kernel FPSIMD state may be erroneously\nclobbered during a context switch immediately after that state is\nrestored. Systems without SME are unaffected.\n\nIf the CPU happens to be in streaming SVE mode before a context switch\nto a thread with kernel FPSIMD state, fpsimd_thread_switch() will\nrestore the kernel FPSIMD state using fpsimd_load_kernel_state() while\nthe CPU is still in streaming SVE mode. When fpsimd_thread_switch()\nsubsequently calls fpsimd_flush_cpu_state(), this will execute an\nSMSTOP, causing an exit from streaming SVE mode. The exit from\nstreaming SVE mode will cause the hardware to reset a number of\nFPSIMD/SVE/SME registers, clobbering the FPSIMD state.\n\nFix this by calling fpsimd_flush_cpu_state() before restoring the kernel\nFPSIMD state."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arm64/fpsimd: Evite afectar negativamente al estado FPSIMD del kernel con SMSTOP En sistemas con SMSTOP, el estado FPSIMD del kernel de un subproceso puede verse afectado negativamente durante un cambio de contexto inmediatamente despu\u00e9s de restaurarse dicho estado. Los sistemas sin SMSTOP no se ven afectados. Si la CPU est\u00e1 en modo SVE de transmisi\u00f3n antes de un cambio de contexto a un subproceso con estado FPSIMD del kernel, fpsimd_thread_switch() restaurar\u00e1 el estado FPSIMD del kernel mediante fpsimd_load_kernel_state() mientras la CPU sigue en modo SVE de transmisi\u00f3n. Cuando fpsimd_thread_switch() llama posteriormente a fpsimd_flush_cpu_state(), se ejecutar\u00e1 un SMSTOP, lo que provocar\u00e1 la salida del modo SVE de transmisi\u00f3n. La salida del modo SVE de transmisi\u00f3n provocar\u00e1 que el hardware restablezca varios registros FPSIMD/SVE/SME, afectando negativamente al estado FPSIMD. Solucione esto llamando a fpsimd_flush_cpu_state() antes de restaurar el estado FPSIMD del kernel."}], "id": "CVE-2025-38169", "lastModified": "2025-11-20T19:28:15.673", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-07-03T09:15:32.517", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/01098d893fa8a6edb2b56e178b798e3e6b674f02"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/55d52af498daea75aa03ba9b7e444c8ae495ac20"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a305821f597ec943849d3e53924adb88c61ed682"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP", "id": "2376067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376067"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\narm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP\nOn system with SME, a thread's kernel FPSIMD state may be erroneously\nclobbered during a context switch immediately after that state is\nrestored. Systems without SME are unaffected.\nIf the CPU happens to be in streaming SVE mode before a context switch\nto a thread with kernel FPSIMD state, fpsimd_thread_switch() will\nrestore the kernel FPSIMD state using fpsimd_load_kernel_state() while\nthe CPU is still in streaming SVE mode. When fpsimd_thread_switch()\nsubsequently calls fpsimd_flush_cpu_state(), this will execute an\nSMSTOP, causing an exit from streaming SVE mode. The exit from\nstreaming SVE mode will cause the hardware to reset a number of\nFPSIMD/SVE/SME registers, clobbering the FPSIMD state.\nFix this by calling fpsimd_flush_cpu_state() before restoring the kernel\nFPSIMD state."], "name": "CVE-2025-38169", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-07-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-38169\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38169\nhttps://lore.kernel.org/linux-cve-announce/2025070342-CVE-2025-38169-11b6@gregkh/T"], "threat_severity": "Moderate"}

{"created": "2025-07-06T22:16:20.910170+00:00", "updated": "2025-07-06T22:16:20.910220+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}