CVE-2025-23162
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/vf: Don't try to trigger a full GT reset if VF
VFs don't have access to the GDRST(0x941c) register that driver uses to reset a GT. Attempt to trigger a reset using debugfs:
$ cat /sys/kernel/debug/dri/0000:00:02.1/gt0/force_reset
or due to a hang condition detected by the driver leads to:
[ ] xe 0000:00:02.1: [drm] GT0: trying reset from force_reset [xe] [ ] xe 0000:00:02.1: [drm] GT0: reset queued [ ] xe 0000:00:02.1: [drm] GT0: reset started [ ] ————[ cut here ]———— [ ] xe 0000:00:02.1: [drm] GT0: VF is trying to write 0x1 to an inaccessible register 0x941c+0x0 [ ] WARNING: CPU: 3 PID: 3069 at drivers/gpu/drm/xe/xe_gt_sriov_vf.c:996 xe_gt_sriov_vf_write32+0xc6/0x580 [xe] [ ] RIP: 0010:xe_gt_sriov_vf_write32+0xc6/0x580 [xe] [ ] Call Trace: [ ] <TASK> [ ] ? show_regs+0x6c/0x80 [ ] ? __warn+0x93/0x1c0 [ ] ? xe_gt_sriov_vf_write32+0xc6/0x580 [xe] [ ] ? report_bug+0x182/0x1b0 [ ] ? handle_bug+0x6e/0xb0 [ ] ? exc_invalid_op+0x18/0x80 [ ] ? asm_exc_invalid_op+0x1b/0x20 [ ] ? xe_gt_sriov_vf_write32+0xc6/0x580 [xe] [ ] ? xe_gt_sriov_vf_write32+0xc6/0x580 [xe] [ ] ? xe_gt_tlb_invalidation_reset+0xef/0x110 [xe] [ ] ? __mutex_unlock_slowpath+0x41/0x2e0 [ ] xe_mmio_write32+0x64/0x150 [xe] [ ] do_gt_reset+0x2f/0xa0 [xe] [ ] gt_reset_worker+0x14e/0x1e0 [xe] [ ] process_one_work+0x21c/0x740 [ ] worker_thread+0x1db/0x3c0
Fix that by sending H2G VF_RESET(0x5507) action instead.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | dd08ebf6c3525a7ea2186e636df064ea47281987 < 2eec2fa8666dcecebae33a565a818c9de9af8b50 | affected |
| Linux | Linux | dd08ebf6c3525a7ea2186e636df064ea47281987 < 90b16edb3213e4ae4a3138bb20703ae367e88a01 | affected |
| Linux | Linux | dd08ebf6c3525a7ea2186e636df064ea47281987 < a9bc61a61372897886f58fdaa5582e3f7bf9a50b | affected |
| Linux | Linux | dd08ebf6c3525a7ea2186e636df064ea47281987 < 459777724d306315070d24608fcd89aea85516d6 | affected |
| Linux | Linux | 6.8 | affected |
| Linux | Linux | 0 < 6.8 | unaffected |
| Linux | Linux | 6.12.24 <= 6.12.* | unaffected |
| Linux | Linux | 6.13.12 <= 6.13.* | unaffected |
| Linux | Linux | 6.14.3 <= 6.14.* | unaffected |
| Linux | Linux | 6.15 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/2eec2fa8666dcecebae33a565a818c9de9af8b50
- https://git.kernel.org/stable/c/90b16edb3213e4ae4a3138bb20703ae367e88a01
- https://git.kernel.org/stable/c/a9bc61a61372897886f58fdaa5582e3f7bf9a50b
- https://git.kernel.org/stable/c/459777724d306315070d24608fcd89aea85516d6
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.