CVE-2025-38371
📋 TL;DR
A race condition in the Linux kernel's v3d graphics driver allows interrupts to be triggered during GPU resets, leading to NULL pointer dereferences and kernel panics. This affects systems using Broadcom VideoCore VI (V3D) graphics hardware, particularly Raspberry Pi devices. The vulnerability can cause system crashes and denial of service.
💻 Affected Systems
- Linux kernel with v3d driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to complete system crash and denial of service, potentially causing data loss or corruption if the system is performing critical operations.
Likely Case
System instability, GPU hangs, and occasional kernel panics during graphics-intensive operations or GPU resets.
If Mitigated
Minor performance impact from disabling interrupts during resets, but system remains stable.
🎯 Exploit Status
Exploitation requires local access and ability to trigger GPU operations. The vulnerability was discovered through crash analysis rather than active exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with commits 226862f50a7a88e4e4de9abbf36c64d19acd6fd0, 2446e25e9246e0642a41d91cbf54c33b275da3c3, 387da3b6d1a90e3210bc9a7fb56703bdad2ac18a, 576a6739e08ac06c67f2916f71204557232388b0, or 9ff95ed0371aec4d9617e478e9c69cde86cd7c38
Vendor Advisory: https://git.kernel.org/stable/c/226862f50a7a88e4e4de9abbf36c64d19acd6fd0
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. For Raspberry Pi OS: sudo apt update && sudo apt upgrade. 3. For other distributions: Use standard kernel update procedures. 4. Reboot the system after update.
🔧 Temporary Workarounds
Disable v3d driver
linuxPrevent loading of the vulnerable v3d graphics driver
echo 'blacklist v3d' | sudo tee /etc/modprobe.d/blacklist-v3d.conf
sudo update-initramfs -u
sudo reboot
Disable GPU acceleration
linuxReduce likelihood of GPU resets by disabling hardware acceleration
Add 'nomodeset' to kernel boot parameters in /boot/cmdline.txt or GRUB configuration
🧯 If You Can't Patch
- Restrict local user access to systems with vulnerable kernels
- Monitor system logs for kernel panic messages related to v3d_irq
🔍 How to Verify
Check if Vulnerable:
Check if v3d module is loaded: lsmod | grep v3d. Check kernel version: uname -r and compare with patched versions.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits. Check dmesg for v3d-related errors after system operation.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages mentioning v3d_irq
- NULL pointer dereference at address 00000000000000c0
- GPU hang messages in dmesg
Network Indicators:
- None - this is a local kernel vulnerability
SIEM Query:
source="kernel" AND ("v3d_irq" OR "NULL pointer dereference" OR "GPU reset")🔗 References
- https://git.kernel.org/stable/c/226862f50a7a88e4e4de9abbf36c64d19acd6fd0
- https://git.kernel.org/stable/c/2446e25e9246e0642a41d91cbf54c33b275da3c3
- https://git.kernel.org/stable/c/387da3b6d1a90e3210bc9a7fb56703bdad2ac18a
- https://git.kernel.org/stable/c/576a6739e08ac06c67f2916f71204557232388b0
- https://git.kernel.org/stable/c/9ff95ed0371aec4d9617e478e9c69cde86cd7c38
- https://git.kernel.org/stable/c/b9c403d1236cecb10dd0246a30d81e4b265f8e8d
- https://git.kernel.org/stable/c/c8851a6ab19d9f390677c42a3cc01ff9b2eb6241
- https://git.kernel.org/stable/c/dc805c927cd832bb8f790b756880ae6c769d5fbc
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
