CVE-2025-38038: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability (CVE-2025-38038) was identified in the Linux kernel's AMD P-State driver, specifically in the cpufreq subsystem. The issue was disclosed on June 18, 2025, affecting various Linux kernel versions. The vulnerability stems from an unnecessary driver-wide lock implementation in the set_boost function (NVD, Debian Tracker).

The vulnerability exists in the AMD P-State driver's setboost function, which implements an unnecessary driver-wide lock. The setboost function is designed as a per-policy call, making the driver-wide lock redundant. The critical issue arises when the mutexacquire operation in this function potentially collides with another mutexacquire from the mode-switch path in status_store(), which can result in a deadlock condition (Wiz).

The vulnerability affects multiple versions of the Linux kernel, including Debian distributions such as Bullseye (5.10.223-1, 5.10.237-1), Bookworm (6.1.137-1, 6.1.140-1), and Trixie (6.12.31-1). When exploited, the issue could lead to system deadlocks when the AMD P-State driver is in use (Debian Tracker).

The vulnerability has been fixed in Linux kernel version 6.12.32-1 and later releases. The fix involves removing the unnecessary driverlock from the setboost function, which eliminates the potential for deadlock conditions (Debian Tracker).