Linux Kernel OP-TEE Driver Notification Vulnerability
CVE-2025-38374

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 July 2025

What is CVE-2025-38374?

A vulnerability exists in the OP-TEE driver of the Linux kernel, where the function notif_callback() is incorrectly called in an atomic context. This leads to potential system instability due to a conflict with sleeping function calls while in non-blocking contexts. The resolution requires implementing a work queue to handle notifications properly without disrupting the atomic execution state, thereby improving the stability and reliability of kernel operations.

Affected Version(s)

Linux d0476a59de064205f4aaa8f7c6d6f32bc28a44d4 < 5f28563f0c6862c99eb115c918421d9b73f137ad

Linux d0476a59de064205f4aaa8f7c6d6f32bc28a44d4

Linux d0476a59de064205f4aaa8f7c6d6f32bc28a44d4 < 312d02adb959ea199372f375ada06e0186f651e4

References

https://git.kernel.org/stable/c/5f28563f0c6862c99eb115c91...

https://git.kernel.org/stable/c/f27cf15783bd60063c6c97434...

https://git.kernel.org/stable/c/312d02adb959ea199372f375a...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Apr 16, 2025