CVE-2025-38047

MEDIUM

5.5

Description

In the Linux kernel, the following vulnerability has been resolved: x86/fred: Fix system hang during S4 resume with FRED enabled Upon a wakeup from S4, the restore kernel starts and initializes the FRED MSRs as needed from its perspective. It then loads a hibernation image, including the image kernel, and attempts to load image pages directly into their original page frames used before hibernation unless those frames are currently in use. Once all pages are moved to their original locations, it jumps to a "trampoline" page in the image kernel. At this point, the image kernel takes control, but the FRED MSRs still contain values set by the restore kernel, which may differ from those set by the image kernel before hibernation. Therefore, the image kernel must ensure the FRED MSRs have the same values as before hibernation. Since these values depend only on the location of the kernel text and data, they can be recomputed from scratch.

CVE Details

CVSS v3.1 Score5.5

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack VectorLOCAL

ComplexityLOW

Privileges RequiredLOW

User InteractionNONE

Published6/18/2025

Last Modified11/14/2025

Sourcenvd

Honeypot Sightings0

Affected Products

linux:linux_kernel

References

https://git.kernel.org/stable/c/c42f740a07eea4807e98d2d8febc549c957a7b49(416baaa9-dc9f-4396-8d5f-8c081fb06d67)

https://git.kernel.org/stable/c/e5f1e8af9c9e151ecd665f6d2e36fb25fec3b110(416baaa9-dc9f-4396-8d5f-8c081fb06d67)

https://git.kernel.org/stable/c/e7090fe75a2826363c71ad1fb4e95e58141478df(416baaa9-dc9f-4396-8d5f-8c081fb06d67)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.