CVE & CISA-KEV Catalog

CVE-2025-38170

MEDIUM
5.5
CVSS v3
NVD

Description

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: Discard stale CPU state when handling SME traps The logic for handling SME traps manipulates saved FPSIMD/SVE/SME state incorrectly, and a race with preemption can result in a task having TIF_SME set and TIF_FOREIGN_FPSTATE clear even though the live CPU state is stale (e.g. with SME traps enabled). This can result in warnings from do_sme_acc() where SME traps are not expected while TIF_SME is set: | /* With TIF_SME userspace shouldn't generate any traps */ | if (test_and_set_thread_flag(TIF_SME)) | WARN_ON(1); This is very similar to the SVE issue we fixed in commit: 751ecf6afd6568ad ("arm64/sve: Discard stale CPU state when handling SVE traps") The race can occur when the SME trap handler is preempted before and after manipulating the saved FPSIMD/SVE/SME state, starting and ending on the same CPU, e.g. | void do_sme_acc(unsigned long esr, struct pt_regs *regs) | { | // Trap on CPU 0 with TIF_SME clear, SME traps enabled | // task->fpsimd_cpu is 0. | // per_cpu_ptr(&fpsimd_last_state, 0) is task. | | ... | | // Preempted; migrated from CPU 0 to CPU 1. | // TIF_FOREIGN_FPSTATE is set. | | get_cpu_fpsimd_context(); | | /* With TIF_SME userspace shouldn't generate any traps */ | if (test_and_set_thread_flag(TIF_SME)) | WARN_ON(1); | | if (!test_thread_flag(TIF_FOREIGN_FPSTATE)) { | unsigned long vq_minus_one = | sve_vq_from_vl(task_get_sme_vl(current)) - 1; | sme_set_vq(vq_minus_one); | | fpsimd_bind_task_to_cpu(); | } | | put_cpu_fpsimd_context(); | | // Preempted; migrated from CPU 1 to CPU 0. | // task->fpsimd_cpu is still 0 | // If per_cpu_ptr(&fpsimd_last_state, 0) is still task then: | // - Stale HW state is reused (with SME traps enabled) | // - TIF_FOREIGN_FPSTATE is cleared | // - A return to userspace skips HW state restore | } Fix the case where the state is not live and TIF_FOREIGN_FPSTATE is set by calling fpsimd_flush_task_state() to detach from the saved CPU state. This ensures that a subsequent context switch will not reuse the stale CPU state, and will instead set TIF_FOREIGN_FPSTATE, forcing the new state to be reloaded from memory prior to a return to userspace. Note: this was originallly posted as [1]. [ Rutland: rewrite commit message ]

How to fix

Remediation Available
linuxDebian
Fixed in:6.1.147-1CVE-2025-38170
Fixed in:6.12.35-1CVE-2025-38170
Fixed in:6.12.35-1CVE-2025-38170
linuxUbuntu
Fixed in:6.8.0-100.100USN-8028-1
linux-awsUbuntu
Fixed in:6.8.0-1046.49USN-8028-5
linux-aws-6.14Ubuntu
Fixed in:6.14.0-1013.13~24.04.1USN-7769-3
linux-aws-6.8Ubuntu
Fixed in:6.8.0-1046.49~22.04.1USN-8028-5
linux-aws-fipsUbuntu
Fixed in:6.8.0-1046.49+fips1USN-8028-4
linux-azureUbuntu
Fixed in:6.8.0-1046.52USN-8074-1
linux-azure-6.8Ubuntu
Fixed in:6.8.0-1051.57~22.04.1USN-8126-1
linux-azure-fipsUbuntu
Fixed in:6.8.0-1046.52+fips1USN-8074-2
linux-fipsUbuntu
Fixed in:6.8.0-100.100+fips1USN-8028-4
linux-gcpUbuntu
Fixed in:6.8.0-1047.50USN-8031-3
linux-gcp-6.14Ubuntu
Fixed in:6.14.0-1016.17~24.04.1USN-7769-1
linux-gcp-6.8Ubuntu
Fixed in:6.8.0-1047.50~22.04.2USN-8031-1
linux-gcp-fipsUbuntu
Fixed in:6.8.0-1047.50+fips1USN-8031-2
linux-gkeUbuntu
Fixed in:6.8.0-1043.48USN-8031-3
linux-gkeopUbuntu
Fixed in:6.8.0-1030.33USN-8028-5
linux-hwe-6.14Ubuntu
Fixed in:6.14.0-32.32~24.04.1USN-7769-3
linux-hwe-6.8Ubuntu
Fixed in:6.8.0-100.100~22.04.1USN-8028-6
linux-ibmUbuntu
Fixed in:6.8.0-1044.44USN-8028-8
linux-ibm-6.8Ubuntu
Fixed in:6.8.0-1044.44~22.04.1USN-8028-8
linux-image-6.14.0-1012-oemUbuntu
Fixed in:6.14.0-1012.12USN-7771-1
linux-image-6.14.0-1012-realtimeUbuntu
Fixed in:6.14.0-1012.12~24.04.1USN-7769-2
linux-image-6.14.0-1013-awsUbuntu
Fixed in:6.14.0-1013.13~24.04.1USN-7769-3
linux-image-6.14.0-1013-aws-64kUbuntu
Fixed in:6.14.0-1013.13~24.04.1USN-7769-3
linux-image-6.14.0-1013-oracleUbuntu
Fixed in:6.14.0-1013.13~24.04.1USN-7789-1
linux-image-6.14.0-1013-oracle-64kUbuntu
Fixed in:6.14.0-1013.13~24.04.1USN-7789-1
linux-image-6.14.0-1016-gcpUbuntu
Fixed in:6.14.0-1016.17~24.04.1USN-7769-1
linux-image-6.14.0-1016-gcp-64kUbuntu
Fixed in:6.14.0-1016.17~24.04.1USN-7769-1
linux-image-6.14.0-32-genericUbuntu
Fixed in:6.14.0-32.32~24.04.1USN-7769-3
linux-image-6.14.0-32-generic-64kUbuntu
Fixed in:6.14.0-32.32~24.04.1USN-7769-3
linux-image-6.8.0-100-fipsUbuntu
Fixed in:6.8.0-100.100+fips1USN-8028-4
linux-image-6.8.0-100-genericUbuntu
Fixed in:6.8.0-100.100~22.04.1USN-8028-6
Fixed in:6.8.0-100.100USN-8028-1
linux-image-6.8.0-100-generic-64kUbuntu
Fixed in:6.8.0-100.100~22.04.1USN-8028-6
Fixed in:6.8.0-100.100USN-8028-1
linux-image-6.8.0-100-lowlatencyUbuntu
Fixed in:6.8.0-100.100.1~22.04.1USN-8028-6
Fixed in:6.8.0-100.100.1USN-8052-1
linux-image-6.8.0-100-lowlatency-64kUbuntu
Fixed in:6.8.0-100.100.1~22.04.1USN-8028-6
Fixed in:6.8.0-100.100.1USN-8052-1
linux-image-6.8.0-1023-xilinxUbuntu
Fixed in:6.8.0-1023.24USN-8052-2
linux-image-6.8.0-1030-gkeopUbuntu
Fixed in:6.8.0-1030.33USN-8028-5
linux-image-6.8.0-1043-gkeUbuntu
Fixed in:6.8.0-1043.48USN-8031-3
linux-image-6.8.0-1043-gke-64kUbuntu
Fixed in:6.8.0-1043.48USN-8031-3
linux-image-6.8.0-1043-oracleUbuntu
Fixed in:6.8.0-1043.44~22.04.1USN-8028-5
Fixed in:6.8.0-1043.44USN-8028-5
linux-image-6.8.0-1043-oracle-64kUbuntu
Fixed in:6.8.0-1043.44~22.04.1USN-8028-5
Fixed in:6.8.0-1043.44USN-8028-5
linux-image-6.8.0-1044-ibmUbuntu
Fixed in:6.8.0-1044.44~22.04.1USN-8028-8
Fixed in:6.8.0-1044.44USN-8028-8
linux-image-6.8.0-1046-awsUbuntu
Fixed in:6.8.0-1046.49~22.04.1USN-8028-5
Fixed in:6.8.0-1046.49USN-8028-5
linux-image-6.8.0-1046-aws-64kUbuntu
Fixed in:6.8.0-1046.49~22.04.1USN-8028-5
Fixed in:6.8.0-1046.49USN-8028-5
linux-image-6.8.0-1046-aws-fipsUbuntu
Fixed in:6.8.0-1046.49+fips1USN-8028-4
linux-image-6.8.0-1046-azureUbuntu
Fixed in:6.8.0-1046.52USN-8074-1
linux-image-6.8.0-1046-azure-fipsUbuntu
Fixed in:6.8.0-1046.52+fips1USN-8074-2
linux-image-6.8.0-1046-nvidiaUbuntu
Fixed in:6.8.0-1046.49~22.04.1USN-8028-5
Fixed in:6.8.0-1046.49USN-8028-5
linux-image-6.8.0-1046-nvidia-64kUbuntu
Fixed in:6.8.0-1046.49~22.04.1USN-8028-5
Fixed in:6.8.0-1046.49USN-8028-5
linux-image-6.8.0-1046-nvidia-lowlatencyUbuntu
Fixed in:6.8.0-1046.49.1USN-8028-7
linux-image-6.8.0-1046-nvidia-lowlatency-64kUbuntu
Fixed in:6.8.0-1046.49.1USN-8028-7
linux-image-6.8.0-1047-gcpUbuntu
Fixed in:6.8.0-1047.50~22.04.2USN-8031-1
Fixed in:6.8.0-1047.50USN-8031-3
linux-image-6.8.0-1047-gcp-64kUbuntu
Fixed in:6.8.0-1047.50~22.04.2USN-8031-1
Fixed in:6.8.0-1047.50USN-8031-3
linux-image-6.8.0-1047-gcp-fipsUbuntu
Fixed in:6.8.0-1047.50+fips1USN-8031-2
linux-image-6.8.0-1047-raspiUbuntu
Fixed in:6.8.0-1047.51USN-8028-1
linux-image-6.8.0-1051-azureUbuntu
Fixed in:6.8.0-1051.57~22.04.1USN-8126-1
linux-image-6.8.0-2037-raspi-realtimeUbuntu
Fixed in:6.8.0-2037.38USN-8028-3
linux-image-6.8.1-1041-realtimeUbuntu
Fixed in:6.8.1-1041.42~22.04.1USN-8028-2
Fixed in:6.8.1-1041.42USN-8028-3
linux-image-awsUbuntu
Fixed in:6.8.0-1046.49~22.04.1USN-8028-5
Fixed in:6.14.0-1013.13~24.04.1USN-7769-3
linux-image-aws-6.14Ubuntu
Fixed in:6.14.0-1013.13~24.04.1USN-7769-3
linux-image-aws-6.8Ubuntu
Fixed in:6.8.0-1046.49~22.04.1USN-8028-5
Fixed in:6.8.0-1046.49USN-8028-5
linux-image-aws-64kUbuntu
Fixed in:6.8.0-1046.49~22.04.1USN-8028-5
Fixed in:6.14.0-1013.13~24.04.1USN-7769-3
linux-image-aws-64k-6.14Ubuntu
Fixed in:6.14.0-1013.13~24.04.1USN-7769-3
linux-image-aws-64k-6.8Ubuntu
Fixed in:6.8.0-1046.49~22.04.1USN-8028-5
Fixed in:6.8.0-1046.49USN-8028-5
linux-image-aws-64k-lts-24.04Ubuntu
Fixed in:6.8.0-1046.49USN-8028-5
linux-image-aws-fipsUbuntu
Fixed in:6.8.0-1046.49+fips1USN-8028-4
linux-image-aws-fips-6.8Ubuntu
Fixed in:6.8.0-1046.49+fips1USN-8028-4
linux-image-aws-lts-24.04Ubuntu
Fixed in:6.8.0-1046.49USN-8028-5
linux-image-azureUbuntu
Fixed in:6.8.0-1051.57~22.04.1USN-8126-1
linux-image-azure-6.8Ubuntu
Fixed in:6.8.0-1051.57~22.04.1USN-8126-1
Fixed in:6.8.0-1046.52USN-8074-1
linux-image-azure-fipsUbuntu
Fixed in:6.8.0-1046.52+fips1USN-8074-2
linux-image-azure-fips-6.8Ubuntu
Fixed in:6.8.0-1046.52+fips1USN-8074-2
linux-image-azure-lts-24.04Ubuntu
Fixed in:6.8.0-1046.52USN-8074-1
linux-image-fipsUbuntu
Fixed in:6.8.0-100.100+fips1USN-8028-4
linux-image-fips-6.8Ubuntu
Fixed in:6.8.0-100.100+fips1USN-8028-4
linux-image-gcpUbuntu
Fixed in:6.8.0-1047.50~22.04.2USN-8031-1
Fixed in:6.14.0-1016.17~24.04.1USN-7769-1
linux-image-gcp-6.14Ubuntu
Fixed in:6.14.0-1016.17~24.04.1USN-7769-1
linux-image-gcp-6.8Ubuntu
Fixed in:6.8.0-1047.50~22.04.2USN-8031-1
Fixed in:6.8.0-1047.50USN-8031-3
linux-image-gcp-64kUbuntu
Fixed in:6.8.0-1047.50~22.04.2USN-8031-1
Fixed in:6.14.0-1016.17~24.04.1USN-7769-1
linux-image-gcp-64k-6.14Ubuntu
Fixed in:6.14.0-1016.17~24.04.1USN-7769-1
linux-image-gcp-64k-6.8Ubuntu
Fixed in:6.8.0-1047.50~22.04.2USN-8031-1
Fixed in:6.8.0-1047.50USN-8031-3
linux-image-gcp-64k-lts-24.04Ubuntu
Fixed in:6.8.0-1047.50USN-8031-3
linux-image-gcp-fipsUbuntu
Fixed in:6.8.0-1047.50+fips1USN-8031-2
linux-image-gcp-fips-6.8Ubuntu
Fixed in:6.8.0-1047.50+fips1USN-8031-2
linux-image-gcp-lts-24.04Ubuntu
Fixed in:6.8.0-1047.50USN-8031-3
linux-image-genericUbuntu
Fixed in:6.8.0-100.100USN-8028-1
linux-image-generic-6.14Ubuntu
Fixed in:6.14.0-32.32~24.04.1USN-7769-3
linux-image-generic-6.8Ubuntu
Fixed in:6.8.0-100.100~22.04.1USN-8028-6
Fixed in:6.8.0-100.100USN-8028-1
linux-image-generic-64kUbuntu
Fixed in:6.8.0-100.100USN-8028-1
linux-image-generic-64k-6.14Ubuntu
Fixed in:6.14.0-32.32~24.04.1USN-7769-3
linux-image-generic-64k-6.8Ubuntu
Fixed in:6.8.0-100.100~22.04.1USN-8028-6
Fixed in:6.8.0-100.100USN-8028-1
linux-image-generic-64k-hwe-22.04Ubuntu
Fixed in:6.8.0-100.100~22.04.1USN-8028-6
linux-image-generic-64k-hwe-24.04Ubuntu
Fixed in:6.14.0-32.32~24.04.1USN-7769-3
linux-image-generic-hwe-22.04Ubuntu
Fixed in:6.8.0-100.100~22.04.1USN-8028-6
linux-image-generic-hwe-24.04Ubuntu
Fixed in:6.14.0-32.32~24.04.1USN-7769-3
linux-image-generic-lpaeUbuntu
Fixed in:6.8.0-100.100USN-8028-1
linux-image-gkeUbuntu
Fixed in:6.8.0-1043.48USN-8031-3
linux-image-gke-6.8Ubuntu
Fixed in:6.8.0-1043.48USN-8031-3
linux-image-gke-64kUbuntu
Fixed in:6.8.0-1043.48USN-8031-3
linux-image-gke-64k-6.8Ubuntu
Fixed in:6.8.0-1043.48USN-8031-3
linux-image-gkeopUbuntu
Fixed in:6.8.0-1030.33USN-8028-5
linux-image-gkeop-6.8Ubuntu
Fixed in:6.8.0-1030.33USN-8028-5
linux-image-ibmUbuntu
Fixed in:6.8.0-1044.44USN-8028-8
linux-image-ibm-6.8Ubuntu
Fixed in:6.8.0-1044.44~22.04.1USN-8028-8
Fixed in:6.8.0-1044.44USN-8028-8
linux-image-ibm-classicUbuntu
Fixed in:6.8.0-1044.44USN-8028-8
linux-image-ibm-lts-24.04Ubuntu
Fixed in:6.8.0-1044.44USN-8028-8
linux-image-intel-iot-realtimeUbuntu
Fixed in:6.8.1-1041.42USN-8028-3
linux-image-intel-iotgUbuntu
Fixed in:6.8.0-100.100USN-8028-1
linux-image-kvmUbuntu
Fixed in:6.8.0-100.100USN-8028-1
linux-image-lowlatencyUbuntu
Fixed in:6.8.0-100.100.1USN-8052-1
linux-image-lowlatency-6.8Ubuntu
Fixed in:6.8.0-100.100.1~22.04.1USN-8028-6
Fixed in:6.8.0-100.100.1USN-8052-1
linux-image-lowlatency-64kUbuntu
Fixed in:6.8.0-100.100.1USN-8052-1
linux-image-lowlatency-64k-6.8Ubuntu
Fixed in:6.8.0-100.100.1~22.04.1USN-8028-6
Fixed in:6.8.0-100.100.1USN-8052-1
linux-image-lowlatency-64k-hwe-22.04Ubuntu
Fixed in:6.8.0-100.100.1~22.04.1USN-8028-6
linux-image-lowlatency-hwe-22.04Ubuntu
Fixed in:6.8.0-100.100.1~22.04.1USN-8028-6
linux-image-nvidiaUbuntu
Fixed in:6.8.0-1046.49USN-8028-5
linux-image-nvidia-6.8Ubuntu
Fixed in:6.8.0-1046.49~22.04.1USN-8028-5
Fixed in:6.8.0-1046.49USN-8028-5
linux-image-nvidia-64kUbuntu
Fixed in:6.8.0-1046.49USN-8028-5
linux-image-nvidia-64k-6.8Ubuntu
Fixed in:6.8.0-1046.49~22.04.1USN-8028-5
Fixed in:6.8.0-1046.49USN-8028-5
linux-image-nvidia-64k-hwe-22.04Ubuntu
Fixed in:6.8.0-1046.49~22.04.1USN-8028-5
linux-image-nvidia-hwe-22.04Ubuntu
Fixed in:6.8.0-1046.49~22.04.1USN-8028-5
linux-image-nvidia-lowlatencyUbuntu
Fixed in:6.8.0-1046.49.1USN-8028-7
linux-image-nvidia-lowlatency-6.8Ubuntu
Fixed in:6.8.0-1046.49.1USN-8028-7
linux-image-nvidia-lowlatency-64kUbuntu
Fixed in:6.8.0-1046.49.1USN-8028-7
linux-image-nvidia-lowlatency-64k-6.8Ubuntu
Fixed in:6.8.0-1046.49.1USN-8028-7
linux-image-oem-22.04Ubuntu
Fixed in:6.8.0-100.100~22.04.1USN-8028-6
linux-image-oem-22.04aUbuntu
Fixed in:6.8.0-100.100~22.04.1USN-8028-6
linux-image-oem-22.04bUbuntu
Fixed in:6.8.0-100.100~22.04.1USN-8028-6
linux-image-oem-22.04cUbuntu
Fixed in:6.8.0-100.100~22.04.1USN-8028-6
linux-image-oem-22.04dUbuntu
Fixed in:6.8.0-100.100~22.04.1USN-8028-6
linux-image-oem-24.04Ubuntu
Fixed in:6.14.0-1012.12USN-7771-1
linux-image-oem-24.04aUbuntu
Fixed in:6.14.0-1012.12USN-7771-1
linux-image-oem-24.04bUbuntu
Fixed in:6.14.0-1012.12USN-7771-1
linux-image-oem-24.04cUbuntu
Fixed in:6.14.0-1012.12USN-7771-1
linux-image-oem-6.14Ubuntu
Fixed in:6.14.0-1012.12USN-7771-1
linux-image-oracleUbuntu
Fixed in:6.8.0-1043.44~22.04.1USN-8028-5
Fixed in:6.14.0-1013.13~24.04.1USN-7789-1
linux-image-oracle-6.14Ubuntu
Fixed in:6.14.0-1013.13~24.04.1USN-7789-1
linux-image-oracle-6.8Ubuntu
Fixed in:6.8.0-1043.44~22.04.1USN-8028-5
Fixed in:6.8.0-1043.44USN-8028-5
linux-image-oracle-64kUbuntu
Fixed in:6.8.0-1043.44~22.04.1USN-8028-5
Fixed in:6.14.0-1013.13~24.04.1USN-7789-1
linux-image-oracle-64k-6.14Ubuntu
Fixed in:6.14.0-1013.13~24.04.1USN-7789-1
linux-image-oracle-64k-6.8Ubuntu
Fixed in:6.8.0-1043.44~22.04.1USN-8028-5
Fixed in:6.8.0-1043.44USN-8028-5
linux-image-oracle-64k-lts-24.04Ubuntu
Fixed in:6.8.0-1043.44USN-8028-5
linux-image-oracle-lts-24.04Ubuntu
Fixed in:6.8.0-1043.44USN-8028-5
linux-image-raspiUbuntu
Fixed in:6.8.0-1047.51USN-8028-1
linux-image-raspi-6.8Ubuntu
Fixed in:6.8.0-1047.51USN-8028-1
linux-image-raspi-realtimeUbuntu
Fixed in:6.8.0-2037.38USN-8028-3
linux-image-raspi-realtime-6.8Ubuntu
Fixed in:6.8.0-2037.38USN-8028-3
linux-image-realtimeUbuntu
Fixed in:6.8.1-1041.42USN-8028-3
linux-image-realtime-6.14Ubuntu
Fixed in:6.14.0-1012.12~24.04.1USN-7769-2
linux-image-realtime-6.8.1Ubuntu
Fixed in:6.8.1-1041.42~22.04.1USN-8028-2
Fixed in:6.8.1-1041.42USN-8028-3
linux-image-realtime-hwe-22.04Ubuntu
Fixed in:6.8.1-1041.42~22.04.1USN-8028-2
linux-image-realtime-hwe-24.04Ubuntu
Fixed in:6.14.0-1012.12~24.04.1USN-7769-2
linux-image-virtualUbuntu
Fixed in:6.8.0-100.100USN-8028-1
linux-image-virtual-6.14Ubuntu
Fixed in:6.14.0-32.32~24.04.1USN-7769-3
linux-image-virtual-6.8Ubuntu
Fixed in:6.8.0-100.100~22.04.1USN-8028-6
Fixed in:6.8.0-100.100USN-8028-1
linux-image-virtual-hwe-22.04Ubuntu
Fixed in:6.8.0-100.100~22.04.1USN-8028-6
linux-image-virtual-hwe-24.04Ubuntu
Fixed in:6.14.0-32.32~24.04.1USN-7769-3
linux-image-xilinxUbuntu
Fixed in:6.8.0.1023.24USN-8052-2
linux-image-xilinx-6.8Ubuntu
Fixed in:6.8.0.1023.24USN-8052-2
linux-image-xilinx-zynqmpUbuntu
Fixed in:6.8.0.1023.24USN-8052-2
linux-lowlatencyUbuntu
Fixed in:6.8.0-100.100.1USN-8052-1
linux-lowlatency-hwe-6.8Ubuntu
Fixed in:6.8.0-100.100.1~22.04.1USN-8028-6
linux-nvidiaUbuntu
Fixed in:6.8.0-1046.49USN-8028-5
linux-nvidia-6.8Ubuntu
Fixed in:6.8.0-1046.49~22.04.1USN-8028-5
linux-nvidia-lowlatencyUbuntu
Fixed in:6.8.0-1046.49.1USN-8028-7
linux-oem-6.14Ubuntu
Fixed in:6.14.0-1012.12USN-7771-1
linux-oracleUbuntu
Fixed in:6.8.0-1043.44USN-8028-5
linux-oracle-6.14Ubuntu
Fixed in:6.14.0-1013.13~24.04.1USN-7789-1
linux-oracle-6.8Ubuntu
Fixed in:6.8.0-1043.44~22.04.1USN-8028-5
linux-raspiUbuntu
Fixed in:6.8.0-1047.51USN-8028-1
linux-raspi-realtimeUbuntu
Fixed in:6.8.0-2037.38USN-8028-3
linux-realtimeUbuntu
Fixed in:6.8.1-1041.42USN-8028-3
linux-realtime-6.14Ubuntu
Fixed in:6.14.0-1012.12~24.04.1USN-7769-2
linux-realtime-6.8Ubuntu
Fixed in:6.8.1-1041.42~22.04.1USN-8028-2
linux-xilinxUbuntu
Fixed in:6.8.0-1023.24USN-8052-2

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

0.14%probability of exploitation in 30 days
4thpercentile

Low risk: more likely to be exploited than 4% of all known CVEs.

References

Embed a live status badge for CVE-2025-38170
CVE-2025-38170 severity badge

Markdown

[![CVE-2025-38170](https://tridentstack.com/cve/badge/CVE-2025-38170.svg)](https://tridentstack.com/cve/CVE-2025-38170)

HTML

<a href="https://tridentstack.com/cve/CVE-2025-38170"><img src="https://tridentstack.com/cve/badge/CVE-2025-38170.svg" alt="CVE-2025-38170"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-12-18.