CVE-2025-37869

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/xe: Use local fence in error path of xe_migrate_clear

The intent of the error path in xe_migrate_clear is to wait on locally generated fence and then return. The code is waiting on m->fence which could be the local fence but this is only stable under the job mutex leading to a possible UAF. Fix code to wait on local fence.

(cherry picked from commit 762b7e95362170b3e13a8704f38d5e47eca4ba74)

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxdd08ebf6c3525a7ea2186e636df064ea47281987 < 2ac5f466f62892a7d1ac2d1a3eb6cd14efbe2f2daffected
LinuxLinuxdd08ebf6c3525a7ea2186e636df064ea47281987 < dc712938aa26b001f448d5e93f59d57fa80f2dbdaffected
LinuxLinuxdd08ebf6c3525a7ea2186e636df064ea47281987 < 20659d3150f1a2a258a173fe011013178ff2a197affected
LinuxLinux6.8affected
LinuxLinux0 < 6.8unaffected
LinuxLinux6.12.25 <= 6.12.*unaffected
LinuxLinux6.14.4 <= 6.14.*unaffected
LinuxLinux6.15 <= *unaffected

Weaknesses

References