CVE-2025-38515
published 2025-08-16CVE-2025-38515: In the Linux kernel, the following vulnerability has been resolved: drm/sched: Increment job count before swapping tail spsc queue A small race exists between…
medium4.7CVSS 3.1
AVLACHPRLUINSUCNINAH
In the Linux kernel, the following vulnerability has been resolved:
drm/sched: Increment job count before swapping tail spsc queue
A small race exists between spsc_queue_push and the run-job worker, in
which spsc_queue_push may return not-first while the run-job worker has
already idled due to the job count being zero. If this race occurs, job
scheduling stops, leading to hangs while waiting on the job’s DMA
fences.
Seal this race by incrementing the job count before appending to the
SPSC queue.
This race was observed on a drm-tip 6.16-rc1 build with the Xe driver in
an SVM test case.
Affected
38 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.147-1 (bookworm) | linux 6.1.147-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.147-1 (bookworm) | linux 6.1.147-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= 27105db6c63a571b91d01e749d026105a1e63bcf < 549a9c78c3ea6807d0dc4162a4f5ba59f217d5a0 | 549a9c78c3ea6807d0dc4162a4f5ba59f217d5a0 |
| linux | linux | >= 27105db6c63a571b91d01e749d026105a1e63bcf < e62f51d0ec8a9baf324caf9a564f8e318d36a551 | e62f51d0ec8a9baf324caf9a564f8e318d36a551 |
| linux | linux | >= 27105db6c63a571b91d01e749d026105a1e63bcf < ef841f8e4e1ff67817ca899bedc5ebb00847c0a7 | ef841f8e4e1ff67817ca899bedc5ebb00847c0a7 |
| linux | linux | >= 27105db6c63a571b91d01e749d026105a1e63bcf < f9a4f28a4fc4ee453a92a9abbe36e26224d17749 | f9a4f28a4fc4ee453a92a9abbe36e26224d17749 |
| linux | linux | >= 27105db6c63a571b91d01e749d026105a1e63bcf < c64f5310530baf75328292f9b9f3f2961d185183 | c64f5310530baf75328292f9b9f3f2961d185183 |
| linux | linux | >= 27105db6c63a571b91d01e749d026105a1e63bcf < e2d6547dc8b9b332f9bc00875197287a6a4db65a | e2d6547dc8b9b332f9bc00875197287a6a4db65a |
| linux | linux | >= 27105db6c63a571b91d01e749d026105a1e63bcf < ef58a95457466849fa7b31fd3953801a5af0f58b | ef58a95457466849fa7b31fd3953801a5af0f58b |
| linux | linux | >= 27105db6c63a571b91d01e749d026105a1e63bcf < 8af39ec5cf2be522c8eb43a3d8005ed59e4daaee | 8af39ec5cf2be522c8eb43a3d8005ed59e4daaee |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 5.10.244-1 | 5.10.244-1 |
| linux | linux_kernel | >= 0 < 6.1.147-1 | 6.1.147-1 |
| linux | linux_kernel | >= 0 < 6.12.41-1 | 6.12.41-1 |
| linux | linux_kernel | >= 0 < 6.16.3-1 | 6.16.3-1 |
| linux | linux_kernel | >= 0 < 5.15.0-156.166 | 5.15.0-156.166 |
| linux | linux_kernel | >= 0 < 6.8.0-100.100 | 6.8.0-100.100 |
| linux | linux_kernel | >= 4.16 < 5.4.296 | 5.4.296 |
| linux | linux_kernel | >= 5.11 < 5.15.189 | 5.15.189 |
| linux | linux_kernel | >= 5.16 < 6.1.146 | 6.1.146 |
| linux | linux_kernel | >= 5.5 < 5.10.240 | 5.10.240 |
| linux | linux_kernel | >= 6.13 < 6.15.7 | 6.15.7 |
| linux | linux_kernel | >= 6.2 < 6.6.99 | 6.6.99 |
CVSS provenance
nvdv3.14.7MEDIUMCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
osv4.7MEDIUM