### [CVE-2025-38354](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38354)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=1f6c087dd6a915f1c3471f0f0f696847fc8c592f%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6694482a70e9536efbf2ac233cbf0c302d6e2dae%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=9c8b3f05fb18fba12f3fca80a378c9b8f3d04cd6%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)

### Description

In the Linux kernel, the following vulnerability has been resolved:drm/msm/gpu: Fix crash when throttling GPU immediately during bootThere is a small chance that the GPU is already hot during boot. In thatcase, the call to of_devfreq_cooling_register() will immediately try toapply devfreq cooling, as seen in the following crash:  Unable to handle kernel paging request at virtual address 0000000000014110  pc : a6xx_gpu_busy+0x1c/0x58 [msm]  lr : msm_devfreq_get_dev_status+0xbc/0x140 [msm]  Call trace:   a6xx_gpu_busy+0x1c/0x58 [msm] (P)   devfreq_simple_ondemand_func+0x3c/0x150   devfreq_update_target+0x44/0xd8   qos_max_notifier_call+0x30/0x84   blocking_notifier_call_chain+0x6c/0xa0   pm_qos_update_target+0xd0/0x110   freq_qos_apply+0x3c/0x74   apply_constraint+0x88/0x148   __dev_pm_qos_update_request+0x7c/0xcc   dev_pm_qos_update_request+0x38/0x5c   devfreq_cooling_set_cur_state+0x98/0xf0   __thermal_cdev_update+0x64/0xb4   thermal_cdev_update+0x4c/0x58   step_wise_manage+0x1f0/0x318   __thermal_zone_device_update+0x278/0x424   __thermal_cooling_device_register+0x2bc/0x308   thermal_of_cooling_device_register+0x10/0x1c   of_devfreq_cooling_register_power+0x240/0x2bc   of_devfreq_cooling_register+0x14/0x20   msm_devfreq_init+0xc4/0x1a0 [msm]   msm_gpu_init+0x304/0x574 [msm]   adreno_gpu_init+0x1c4/0x2e0 [msm]   a6xx_gpu_init+0x5c8/0x9c8 [msm]   adreno_bind+0x2a8/0x33c [msm]   ...At this point we haven't initialized the GMU at all yet, so we cannot readthe GMU registers inside a6xx_gpu_busy(). A similar issue was fixed beforein commit 6694482a70e9 ("drm/msm: Avoid unclocked GMU register access in6xx gpu_busy"): msm_devfreq_init() does call devfreq_suspend_device(), butunlike msm_devfreq_suspend(), it doesn't set the df->suspended flagaccordingly. This means the df->suspended flag does not match the actualdevfreq state after initialization and msm_devfreq_get_dev_status() willend up accessing GMU registers, causing the crash.Fix this by setting df->suspended correctly during initialization.Patchwork: https://patchwork.freedesktop.org/patch/650772/

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/w4zu/Debian_security