CVE-2025-38521

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The vulnerability involves a kernel crash when hard resetting the GPU in the Imagination GPU driver. The GPU hard reset sequence incorrectly calls pm runtime force suspend() and pm runtime force resume(), which are intended for system-wide power management transitions. This can lead to the GPU clocks not being re-enabled, resulting in a kernel crash when attempting to access GPU registers. The issue arises because pm runtime force resume() might not resume the device unless needed, preventing the pvr power device resume() callback from being executed.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Exposure of Resource to Wrong Sphere

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-371CWE-668

Related Identifiers

BDU:2025-15819

CVE-2025-38521

OPENSUSE-SU-2026:20287-1

SUSE-SU-2025:03290-1

SUSE-SU-2025:03382-1

SUSE-SU-2025:03633-1

SUSE-SU-2025_03290-1

SUSE-SU-2025_03382-1

SUSE-SU-2026:20555-1

SUSE-SU-2026:20599-1

SUSE-SU-2026:20615-1

USN-7879-1

USN-7879-2

USN-7879-3

USN-7879-4

USN-7880-1

USN-7934-1

USN-8028-1

USN-8028-2

USN-8028-3

USN-8028-4

USN-8028-5

USN-8028-6

USN-8028-7

USN-8028-8

USN-8031-1

USN-8031-2

USN-8031-3

USN-8052-1

USN-8052-2

USN-8074-1

USN-8074-2

USN-8126-1

Affected Products

Astra Linux

Imagination Gpu Driver

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

CVE-2025-38521

Weakness Enumeration

Related Identifiers

Affected Products

References · 2162