What is CVE-2025-38005?

CVE-2025-38005 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10, affecting Linux kernel versions from 5.6 onward and patched in 5.10.238, 5.15.184, 6.1.140 and others. CVE-2025-38005 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-38005?

CVE-2025-38005 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2025-38005?

Yes, CVE-2025-38005 has been patched. Fixed versions include 5.10.238, 5.15.184, 6.1.140 and others. If you are running Linux kernel 5.6 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2025-38005 actively exploited?

CVE-2025-38005 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2025-38005

Medium

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma: Add missing locking Recent kernels complain about a missing lock in k3-udma.c when the lock validator is enabled: [ 4.128073] WARNING: CPU: 0 PID: 746 at drivers/dma/ti/../virt-dma.h:169 udma_start.isra.0+0x34/0x238 [ 4.137352] CPU: 0 UID: 0 PID: 746 Comm: kworker/0:3 Not tainted 6.12.9-arm64 #28 [ 4.144867] Hardware name: pp-v12 (DT) [ 4.148648] Workqueue: events udma_check_tx_completion [ 4.153841] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 4.160834] pc : udma_start.isra.0+0x34/0x238 [ 4.165227] lr : udma_start.isra.0+0x30/0x238 [ 4.169618] sp : ffffffc083cabcf0 [ 4.172963] x29: ffffffc083cabcf0 x28: 0000000000000000 x27: ffffff800001b005 [ 4.180167] x26: ffffffc0812f0000 x25: 0000000000000000 x24: 0000000000000000 [ 4.187370] x23: 0000000000000001 x22: 00000000e21eabe9 x21: ffffff8000fa0670 [ 4.194571] x20: ffffff8001b6bf00 x19: ffffff8000fa0430 x18: ffffffc083b95030 [ 4.201773] x17: 0000000000000000 x16: 00000000f0000000 x15: 0000000000000048 [ 4.208976] x14: 0000000000000048 x13: 0000000000000000 x12: 0000000000000001 [ 4.216179] x11: ffffffc08151a240 x10: 0000000000003ea1 x9 : ffffffc08046ab68 [ 4.223381] x8 : ffffffc083cabac0 x7 : ffffffc081df3718 x6 : 0000000000029fc8 [ 4.230583] x5 : ffffffc0817ee6d8 x4 : 0000000000000bc0 x3 : 0000000000000000 [ 4.237784] x2 : 0000000000000000 x1 : 00000000001fffff x0 : 0000000000000000 [ 4.244986] Call trace: [ 4.247463] udma_start.isra.0+0x34/0x238 [ 4.251509] udma_check_tx_completion+0xd0/0xdc [ 4.256076] process_one_work+0x244/0x3fc [ 4.260129] process_scheduled_works+0x6c/0x74 [ 4.264610] worker_thread+0x150/0x1dc [ 4.268398] kthread+0xd8/0xe8 [ 4.271492] ret_from_fork+0x10/0x20 [ 4.275107] irq event stamp: 220 [ 4.278363] hardirqs last enabled at (219): [<ffffffc080a27c7c>] _raw_spin_unlock_irq+0x38/0x50 [ 4.287183] hardirqs last disabled at (220): [<ffffffc080a1c154>] el1_dbg+0x24/0x50 [ 4.294879] softirqs last enabled at (182): [<ffffffc080037e68>] handle_softirqs+0x1c0/0x3cc [ 4.303437] softirqs last disabled at (177): [<ffffffc080010170>] __do_softirq+0x1c/0x28 [ 4.311559] ---[ end trace 0000000000000000 ]--- This commit adds the missing locking.

Package Linux Kernel

Published 2025-06-18

Last modified 2025-12-17

CVSS version 3.1

Patch available

Yes

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected versions

Linux kernel versions 5.6 and later are affected. Fixed in 5.10.238, 5.15.184, 6.1.140, 6.6.92, 6.12.30, 6.14.8, 6.15 and their respective stable series.

Affected from

≥ 5.6

Fixed in

✓ 5.10.238 5.10.x ✓ 5.15.184 5.15.x ✓ 6.1.140 6.1.x ✓ 6.6.92 6.6.x ✓ 6.12.30 6.12.x ✓ 6.14.8 6.14.x ✓ 6.15

References

The following references provide additional information about CVE-2025-38005 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Debian Security
https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html

Third Party Advisory
Debian Security
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html

Third Party Advisory
Kernel patch commit
https://git.kernel.org/stable/c/0ea0433f822ed0549715f7044c9cd1cf132ff7fa
Patch
Kernel patch commit
https://git.kernel.org/stable/c/26e63b2fe30c61bd25981c6084f67a8af79945d0
Patch
Kernel patch commit
https://git.kernel.org/stable/c/27e71fa08711e09d81e06a54007b362a5426fd22
Patch

7 patch commits total View all on NVD

Details

CVE ID CVE-2025-38005

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2025-06-18

Modified 2025-12-17

KEV No

Patch

Yes

Package linux

Frequently asked questions

What is CVE-2025-38005?

CVE-2025-38005 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . It affects Linux kernel versions from 5.6 onward and has been patched in 5.10.238, 5.15.184, 6.1.140 and others. CVE-2025-38005 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2025-38005?

CVE-2025-38005 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2025-38005?

Yes — CVE-2025-38005 has been patched. Fixed versions include 5.10.238, 5.15.184, 6.1.140 and others. If you are running Linux kernel 5.6 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2025-38005 actively exploited?

No — CVE-2025-38005 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.