
Cloud Vulnerability DB
A community-led vulnerabilities database
A vulnerability in the Linux kernel's drm/msm/gpu component, identified as CVE-2025-38354, was discovered and resolved. The issue was reported on July 25, 2025, and affects the GPU throttling mechanism during system boot. It has been assigned a CVSS v3.1 score of 5.5 (Moderate) (RedHat Security).
The vulnerability occurs when the GPU is already hot during boot, causing the of_devfreq_cooling_register() function to immediately attempt applying devfreq cooling. The issue stems from a mismatch between the devfreq state and the df->suspended flag during initialization, leading to unauthorized GMU register access. The problem is similar to a previously fixed issue in commit 6694482a70e9. The vulnerability has been assigned a CVSS vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (RedHat Security).
When exploited, this vulnerability results in a kernel paging request failure at virtual address 0000000000014110, causing a system crash. The impact is primarily on system availability, with no direct effect on confidentiality or integrity (RedHat Security).
The issue has been fixed by correctly setting the df->suspended flag during initialization. The fix ensures proper synchronization between the devfreq state and the suspended flag, preventing unauthorized GMU register access (RedHat Security).
Source: This report was generated using AI