CVE-2025-38104: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability in the Linux kernel's AMD GPU driver (CVE-2025-38104) was discovered and disclosed on April 18, 2025. The issue involves the RLCG register access mechanism in the AMDGPU driver, specifically affecting virtual functions in a virtualized environment (NVD).

The vulnerability stems from a priority inversion issue in the AMDGPU driver's RLCG register access implementation. The problem occurs when a thread holding a spinlock attempts to acquire a mutex, particularly in the amdgpu_virt_rlcg_reg_rw function called from the fast code path. This creates an invalid wait context, manifesting as a 'BUG: Invalid wait context' error in the system (Red Hat). The issue has been assigned a CVSS v3.1 base score of 5.5 with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (Red Hat).

The vulnerability can lead to race conditions when multiple threads or Virtual Functions (VFs) attempt to access the same registers simultaneously. This primarily affects systems using AMD GPUs in virtualized environments with SR-IOV enabled, potentially causing system instability or denial of service conditions (NVD).

The fix involves replacing the mutex with a spinlock for RLCG register access to prevent priority inversion in SR-IOV environments. This has been implemented in various Linux distributions, with some versions already patched and others still vulnerable (Debian Tracker).