CVE-2025-38515: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-38515 is a vulnerability discovered in the Linux kernel's DRM scheduler component, first reported on August 16, 2025. The issue affects the job count handling in the DRM scheduler, specifically involving a race condition between spscqueuepush and the run-job worker. This vulnerability was initially observed on a drm-tip 6.16-rc1 build with the Xe driver in an SVM test case (NVD).

The vulnerability stems from a race condition where spscqueuepush may return not-first while the run-job worker has already idled due to the job count being zero. The technical impact occurs in the DRM scheduler's job counting mechanism, which can lead to job scheduling stops. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating moderate severity (Red Hat).

When exploited, this vulnerability causes job scheduling to stop, resulting in system hangs while waiting on DMA fences. This primarily affects systems using the DRM scheduler, particularly those running the Xe driver with SVM workloads (Debian).

The vulnerability has been fixed by modifying the job count increment timing to occur before appending to the SPSC queue. Fixed versions are available in Debian trixie (6.12.41-1) and sid (6.16.3-1). Various Linux distributions have either patched or are in the process of patching their affected kernel versions (Debian).