CVE-2025-38511
BaseFortify

Publication date: 2025-08-16

Last updated on: 2025-11-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

drm/xe/pf: Clear all LMTT pages on alloc

Our LMEM buffer objects are not cleared by default on alloc and during VF provisioning we only setup LMTT PTEs for the actually provisioned LMEM range. But beyond that valid range we might leave some stale data that could either point to some other VFs allocations or even to the PF pages.

Explicitly clear all new LMTT page to avoid the risk that a malicious VF would try to exploit that gap.

While around add asserts to catch any undesired PTE overwrites and low-level debug traces to track LMTT PT life-cycle.

(cherry picked from commit 3fae6918a3e27cce20ded2551f863fb05d4bef8d)

Meta Information
Published: 2025-08-16
Last Modified: 2025-11-18
Generated: 2026-05-27
AI Q&A: 2025-08-16
EPSS Evaluated: 2026-05-25

Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.16
linux linux_kernel 6.16
linux linux_kernel 6.16
linux linux_kernel 6.16
linux linux_kernel 6.16
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
CWE ID Description
CWE-NVD-CWE-noinfo
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the Linux kernel involves the drm/xe/pf component, where LMEM buffer objects are not cleared by default upon allocation. During Virtual Function (VF) provisioning, only the LMTT Page Table Entries (PTEs) for the provisioned LMEM range are set up, leaving stale data beyond that range. This stale data could potentially point to other VFs' allocations or even to the Physical Function (PF) pages, which could be exploited by a malicious VF. The fix involves explicitly clearing all new LMTT pages on allocation to prevent this risk.
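
The gap described above can be seen in a small user-space model, added here as an illustration and not taken from the xe driver or the kernel patch. It fills a freshly allocated table page with constructed leftover entries, writes PTEs only for the provisioned range, and counts the valid entries that remain beyond it, with and without clearing on allocation. All names, the table size and the valid bit are assumptions made for the model.

```c
/* Simplified user-space model of the bug class. Not the xe driver's code:
 * every name and constant below is hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PTES_PER_PT 512u          /* assumed table size for the model */
#define PTE_VALID   1ull          /* assumed "valid" bit */

/* Allocate one page-table page. The fill loop stands in for recycled
 * memory that still holds a previous owner's entries (constructed data). */
static uint64_t *pt_alloc(int clear_on_alloc)
{
    uint64_t *pt = malloc(PTES_PER_PT * sizeof(*pt));
    if (!pt)
        return NULL;
    for (size_t i = 0; i < PTES_PER_PT; i++)
        pt[i] = ((uint64_t)(0x1000 + i) << 12) | PTE_VALID;
    if (clear_on_alloc)           /* the behaviour the fix introduces */
        memset(pt, 0, PTES_PER_PT * sizeof(*pt));
    return pt;
}

/* Write PTEs only for the provisioned range, then count valid entries
 * beyond it. Returns (size_t)-1 on bad input or allocation failure. */
size_t stale_valid_ptes(int clear_on_alloc, size_t provisioned)
{
    size_t stale = 0;
    uint64_t *pt;

    if (provisioned > PTES_PER_PT || !(pt = pt_alloc(clear_on_alloc)))
        return (size_t)-1;
    for (size_t i = 0; i < provisioned; i++)
        pt[i] = ((uint64_t)(0x8000 + i) << 12) | PTE_VALID;
    for (size_t i = provisioned; i < PTES_PER_PT; i++)
        stale += (pt[i] & PTE_VALID) != 0;
    free(pt);
    return stale;
}

int main(void)
{
    printf("no clear:       %zu stale valid PTEs\n", stale_valid_ptes(0, 64));
    printf("clear on alloc: %zu stale valid PTEs\n", stale_valid_ptes(1, 64));
    return 0;
}
```

In the model, only the clear-on-alloc path guarantees that every entry outside the provisioned range is invalid, regardless of what the page held before.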


How can this vulnerability impact me?

This vulnerability could allow a malicious Virtual Function (VF) to access or infer data from other VFs or the Physical Function (PF) due to stale data left in LMEM buffer objects. This could lead to unauthorized data exposure or leakage between different functions sharing the hardware, potentially compromising system security and data confidentiality.


What immediate steps should I take to mitigate this vulnerability?

Apply the patch that clears all LMTT pages on allocation in the Linux kernel drm/xe/pf component. This ensures that stale data is not left in LMEM buffer objects, preventing potential exploitation by malicious VFs. Additionally, monitor for kernel updates that include this fix and update your system accordingly.

