CVE-2025-38169: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-38169 is a vulnerability discovered in the Linux kernel affecting the arm64/fpsimd component, specifically related to kernel FPSIMD state handling during context switches on systems with SME (Scalable Matrix Extension). The vulnerability was disclosed on July 3, 2025 (NVD, Ubuntu).

The vulnerability occurs when a CPU in streaming SVE mode performs a context switch to a thread with kernel FPSIMD state. During this process, fpsimd_thread_switch() restores the kernel FPSIMD state while the CPU remains in streaming SVE mode. When fpsimd_flush_cpu_state() is subsequently called, it executes an SMSTOP instruction, causing an exit from streaming SVE mode. This exit resets various FPSIMD/SVE/SME registers, resulting in the corruption of the FPSIMD state. Systems without SME are not affected by this vulnerability (NVD).

The vulnerability can lead to the corruption of a thread's kernel FPSIMD state during context switches, potentially affecting system stability and data integrity on affected systems. This occurs specifically when the FPSIMD state is restored immediately before the corruption takes place (NVD).

The vulnerability has been resolved by modifying the code to call fpsimd_flush_cpu_state() before restoring the kernel FPSIMD state, preventing the state corruption issue. This fix has been implemented in the Linux kernel, and various distributions have begun releasing updates (Ubuntu).