CVE-2025-38036
BaseFortify

Publication date: 2025-06-18

Last updated on: 2025-11-14

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

drm/xe/vf: Perform early GT MMIO initialization to read GMDID

VFs need to communicate with the GuC to obtain the GMDID value and existing GuC functions used for that assume that the GT has its MMIO members already set up. However, due to recent refactoring the gt->mmio is initialized later, and any attempt by the VF to use xe_mmio_read|write() from GuC functions will lead to NPD crash due to unset MMIO register address:

[] xe 0000:00:02.1: [drm] Running in SR-IOV VF mode
[] xe 0000:00:02.1: [drm] GT0: sending H2G MMIO 0x5507
[] BUG: unable to handle page fault for address: 0000000000190240

Since we are already tweaking the id and type of the primary GT to mimic it's a Media GT before initializing the GuC communication, we can also call xe_gt_mmio_init() to perform early setup of the gt->mmio which will make those GuC functions work again.

Meta Information

Published: 2025-06-18
Last Modified: 2025-11-14
Generated: 2026-05-07
AI Q&A: 2025-06-18
EPSS Evaluated: 2026-05-05

Affected Vendors & Products
Showing 1 associated CPE

Vendor: linux
Product: linux_kernel
Version / Range: From 5.15.160 (inc) to 5.16 (inc)

CWE ID: CWE-NVD-CWE-noinfo

AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the Linux kernel involves the drm/xe/vf component where Virtual Functions (VFs) need to communicate with the GuC to obtain the GMDID value. Due to recent code refactoring, the GT's MMIO (Memory-Mapped I/O) members are initialized later than before. As a result, when the VF tries to use GuC functions that rely on MMIO reads or writes, it leads to a null pointer dereference (NPD) crash because the MMIO register address is not set. The fix involves performing early initialization of the GT MMIO to ensure GuC functions work correctly and prevent the crash.


How can this vulnerability impact me?

This vulnerability can cause the system to crash due to a null pointer dereference when the Virtual Function attempts to communicate with the GuC using MMIO functions before the MMIO registers are properly initialized. This can lead to instability or denial of service in environments using SR-IOV VF mode with the affected Linux kernel component.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring system logs for specific error messages related to the drm/xe driver in SR-IOV VF mode. Look for kernel log entries indicating issues such as 'Running in SR-IOV VF mode', 'GT0: sending H2G MMIO', and 'BUG: unable to handle page fault for address'. Commands like 'dmesg | grep drm' or 'journalctl -k | grep drm' can help identify these messages.
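
One way to automate the log check described above, as an added example that is not part of the original page: a POSIX shell function that correlates the three quoted messages per PCI device instead of grepping for `drm` alone. The function name, the sample-log helpers, the timestamps and the follow-up/unrelated log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory). Reads kernel log text on stdin and
# prints the PCI address of each xe VF whose "sending H2G MMIO" message is
# followed by a page-fault BUG with no further xe output from that device.
xe_vf_crash_scan() {
    awk '
    function bdf(line,    i, n, f) {          # PCI address follows the "xe" token
        n = split(line, f, " ")
        for (i = 1; i < n; i++)
            if (f[i] == "xe") { sub(/:$/, "", f[i + 1]); return f[i + 1] }
        return ""
    }
    /xe [0-9a-fA-F:.]+: \[drm\] Running in SR-IOV VF mode/ { vf[bdf($0)] = 1; next }
    /xe [0-9a-fA-F:.]+: \[drm\] GT[0-9]+: sending H2G MMIO/ {
        dev = bdf($0); if (dev in vf) pending = dev; next
    }
    # Any other xe line from the same device means probe got past the MMIO send.
    /xe [0-9a-fA-F:.]+: \[drm\]/ { if (bdf($0) == pending) pending = ""; next }
    /BUG: unable to handle page fault for address/ {
        if (pending != "") { print pending; found = 1; pending = "" }
    }
    END { exit(found ? 0 : 1) }
    '
}

# Constructed sample: the three messages quoted in the description, in order.
sample_crash_log() {
    cat <<'EOF'
[    3.101] xe 0000:00:02.1: [drm] Running in SR-IOV VF mode
[    3.102] xe 0000:00:02.1: [drm] GT0: sending H2G MMIO 0x5507
[    3.103] BUG: unable to handle page fault for address: 0000000000190240
EOF
}

# Constructed sample: the VF keeps logging after the send, and a later,
# unrelated fault (constructed address) must not be attributed to xe.
sample_clean_log() {
    cat <<'EOF'
[    3.101] xe 0000:00:02.1: [drm] Running in SR-IOV VF mode
[    3.102] xe 0000:00:02.1: [drm] GT0: sending H2G MMIO 0x5507
[    3.110] xe 0000:00:02.1: [drm] constructed follow-up message
[   99.000] BUG: unable to handle page fault for address: 00000000deadbeef
EOF
}

# On a real host: journalctl -k -b -1 | xe_vf_crash_scan
```

The scan exits 0 and prints the device address when the pattern is present, and exits 1 otherwise, so it can gate an alert or a fleet-wide check. The "sending H2G MMIO" line is only visible if the kernel's drm debug output for the driver was enabled at the time of the crash.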


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves ensuring that the Linux kernel is updated to a version where the early GT MMIO initialization (xe_gt_mmio_init()) is performed before GuC communication in the drm/xe driver. This prevents the VF from causing a page fault due to unset MMIO register addresses. Until an update is applied, avoid using SR-IOV VF mode with the affected driver to prevent crashes.

