CVE-2025-38369

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-38369

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38369.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-38369

Downstream

BELL-CVE-2025-38369

DEBIAN-CVE-2025-38369

ECHO-0aaa-8316-39de

OESA-2025-2077

OESA-2025-2078

OESA-2025-2079

SUSE-SU-2025:02853-1

SUSE-SU-2025:02923-1

SUSE-SU-2025:02969-1

SUSE-SU-2025:03023-1

UBUNTU-CVE-2025-38369

Related

Published

2025-07-25T13:15:25Z

Modified

2025-08-09T19:01:28Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using

Running IDXD workloads in a container with the /dev directory mounted can trigger a call trace or even a kernel panic when the parent process of the container is terminated.

This issue occurs because, under certain configurations, Docker does not properly propagate the mount replica back to the original mount point.

In this case, when the user driver detaches, the WQ is destroyed but it still calls destroy_workqueue() attempting to completes all pending work. It's necessary to check wq->wq and skip the drain if it no longer exists.

References

Affected packages