Linux Kernel Vulnerability in ARM64 FPSIMD/SVE/SME State Management
CVE-2025-38170
What is CVE-2025-38170?
A vulnerability exists in the Linux kernel where the logic for handling SME traps can improperly manipulate the saved FPSIMD/SVE/SME state during context switching. A race condition during preemption may lead to stale CPU state being reused, causing unexpected warnings in the system. Specifically, the task may be left with TIF_SME set and TIF_FOREIGN_FPSTATE clear even though the state may be stale. To mitigate this issue, the kernel should flush the task state so that the CPU context is properly refreshed, preventing the reuse of outdated information.
Affected Version(s)
Linux 8bd7f91c03d886f41d35f6108078d20be5a4a1bd
Linux 8bd7f91c03d886f41d35f6108078d20be5a4a1bd < 43be952e885476dafb74aa832c0847b2f4f650c6
Linux 8bd7f91c03d886f41d35f6108078d20be5a4a1bd < 6103f9ba51a59afb5a0f32299c837377c5a5a693