CVE-2025-38374

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38374
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38374.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-38374
Downstream
Published
2025-07-25T12:53:16Z
Modified
2025-10-22T13:50:57.952945Z
Summary
optee: ffa: fix sleep in atomic context
Details

In the Linux kernel, the following vulnerability has been resolved:

optee: ffa: fix sleep in atomic context

The OP-TEE driver registers the function notif_callback() for FF-A notifications. However, this function is called in an atomic context leading to errors like this when processing asynchronous notifications:

| BUG: sleeping function called from invalid context at kernel/locking/mutex.c:258 | inatomic(): 1, irqsdisabled(): 1, nonblock: 0, pid: 9, name: kworker/0:0 | preemptcount: 1, expected: 0 | RCU nest depth: 0, expected: 0 | CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.14.0-00019-g657536ebe0aa #13 | Hardware name: linux,dummy-virt (DT) | Workqueue: ffapcpuirqnotification notifpcpuirqworkfn | Call trace: | showstack+0x18/0x24 (C) | dumpstacklvl+0x78/0x90 | dumpstack+0x18/0x24 | _mightresched+0x114/0x170 | _mightsleep+0x48/0x98 | mutexlock+0x24/0x80 | opteegetmsgarg+0x7c/0x21c | simplecallwitharg+0x50/0xc0 | opteedobottomhalf+0x14/0x20 | notifcallback+0x3c/0x48 | handlenotifcallbacks+0x9c/0xe0 | notifgetandhandle+0x40/0x88 | genericexecsingle+0x80/0xc0 | smpcallfunctionsingle+0xfc/0x1a0 | notifpcpuirqworkfn+0x2c/0x38 | processonework+0x14c/0x2b4 | workerthread+0x2e4/0x3e0 | kthread+0x13c/0x210 | retfrom_fork+0x10/0x20

Fix this by adding work queue to process the notification in a non-atomic context.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d0476a59de064205f4aaa8f7c6d6f32bc28a44d4
Fixed
5f28563f0c6862c99eb115c918421d9b73f137ad
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d0476a59de064205f4aaa8f7c6d6f32bc28a44d4
Fixed
f27cf15783bd60063c6c97434cbd67ebd91d8db5
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d0476a59de064205f4aaa8f7c6d6f32bc28a44d4
Fixed
312d02adb959ea199372f375ada06e0186f651e4

Affected versions

v6.*

v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.28
v6.12.29
v6.12.3
v6.12.30
v6.12.31
v6.12.32
v6.12.33
v6.12.34
v6.12.35
v6.12.36
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.15.1
v6.15.2
v6.15.3
v6.15.4
v6.15.5
v6.7
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.8.0
Fixed
6.12.37
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.15.6