CVE-2025-38515 | drm/sched: Increment job count before swapping tail spsc queue

In the Linux kernel, the following vulnerability has been resolved: drm/sched: Increment job count before swapping tail spsc queue A small race exists between spsc_queue_push and the run-job worker, in which spsc_queue_push may return not-first while the run-job worker has already idled due to the job count being zero. If this race occurs, job scheduling stops, leading to hangs while waiting on the job’s DMA fences. Seal this race by incrementing the job count before appending to the SPSC queue. This race was observed on a drm-tip 6.16-rc1 build with the Xe driver in an SVM test case.

Published: 2025-08-16 Last update: 2026-01-07 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD Status:AnalyzedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2025-38515 is rated Low Risk (20.5/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.02%). Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2025-38515

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-01-08 0.06% 0.02% -0.04%
2 2025-12-16 0.02% 0.06% +0.04%
3 2025-08-16 0.02%

Full EPSS history (3 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2025-38515

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
4.7 3.1 MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:H)
Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:L)
A normal user session is enough; they don’t have to be admin.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N)
Doesn’t really leak secrets in a meaningful way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 1.0 3.6 [email protected]

Weakness enumeration for CVE-2025-38515

OS Trackers for CVE-2025-38515

vendor priority summary link
debian not yet assigned CVE-2025-38515 not yet assigned priority: Debian including 2 source packages (linux, linux-6.1), 6 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 6. https://security-tracker.debian.org/tracker/CVE-2025-38515
redhat https://access.redhat.com/security/cve/CVE-2025-38515
suse medium CVE-2025-38515 severity moderate: SUSE including 501 source package names (13.2-9.1:libsqlite3-0-3.49.1-1.1, 2.1.3-6.35:libsqlite3-0-3.49.1-1.1, …), 1004 product×package rows across 183 product lines (Container suse/sl-micro/6.0/baremetal-os-container, Container suse/sl-micro/6.0/base-os-container, … (183 product lines)): Fixed 685, Known Affected 231, Known Not Affected 63, First Fixed 25. https://www.suse.com/security/cve/CVE-2025-38515/
ubuntu medium CVE-2025-38515 medium priority: Ubuntu including 158 source packages (linux, linux-allwinner-5.19, …), 1414 status rows across 9 suites (bionic, focal, jammy, noble, plucky, questing, trusty, upstream, xenial): DNE 1017, released 165, ignored 161, not-affected 41, needed 26, needs-triage 2, pending 2. https://ubuntu.com/security/CVE-2025-38515

Affected software / configurations for CVE-2025-38515

Vendor Product Version Raw CPE
linux linux_kernel >= 4.16, < 5.4.296 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 5.5, < 5.10.240 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 5.11, < 5.15.189 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 5.16, < 6.1.146 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 6.2, < 6.6.99 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 6.7, < 6.12.39 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 6.13, < 6.15.7 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel 6.16 cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*
linux linux_kernel 6.16 cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:*
linux linux_kernel 6.16 cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:*
linux linux_kernel 6.16 cpe:2.3:o:linux:linux_kernel:6.16:rc4:*:*:*:*:*:*
debian debian_linux 11.0 cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

References for CVE-2025-38515

URL Tags
https://git.kernel.org/stable/c/549a9c78c3ea6807d0dc4162a4f5ba59f217d5a0 Patch
https://git.kernel.org/stable/c/8af39ec5cf2be522c8eb43a3d8005ed59e4daaee Patch
https://git.kernel.org/stable/c/c64f5310530baf75328292f9b9f3f2961d185183 Patch
https://git.kernel.org/stable/c/e2d6547dc8b9b332f9bc00875197287a6a4db65a Patch
https://git.kernel.org/stable/c/e62f51d0ec8a9baf324caf9a564f8e318d36a551 Patch
https://git.kernel.org/stable/c/ef58a95457466849fa7b31fd3953801a5af0f58b Patch
https://git.kernel.org/stable/c/ef841f8e4e1ff67817ca899bedc5ebb00847c0a7 Patch
https://git.kernel.org/stable/c/f9a4f28a4fc4ee453a92a9abbe36e26224d17749 Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html Mailing List Third Party Advisory
cvelogic Threat Intelligence