CVE-2025-38690
BaseFortify

Publication date: 2025-09-04

Last updated on: 2025-11-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

drm/xe/migrate: prevent infinite recursion

If the buf + offset is not aligned to XE_CACHELINE_BYTES we fall back to using a bounce buffer. However the bounce buffer here is allocated on the stack, and the only alignment requirement here is that it's naturally aligned to u8, and not XE_CACHELINE_BYTES. If the bounce buffer is also misaligned we then recurse back into the function again, however the new bounce buffer might also not be aligned, and might never be until we eventually blow through the stack, as we keep recursing.

Instead of using the stack use kmalloc, which should respect the power-of-two alignment request here. Fixes a kernel panic when triggering this path through eudebug.

v2 (Stuart):
- Add build bug check for power-of-two restriction
- s/EINVAL/ENOMEM/

(cherry picked from commit 38b34e928a08ba594c4bbf7118aa3aadacd62fff)

Meta Information
Published: 2025-09-04
Last Modified: 2025-11-24
Generated: 2026-05-07
AI Q&A: 2025-09-04
EPSS Evaluated: 2026-05-05

Affected Vendors & Products
Showing 2 associated CPEs
Vendor   Product        Version / Range
linux    linux_kernel   6.17
linux    linux_kernel   From 5.15.160 (inc) to 5.16 (inc)

CWE
CWE ID Description
CWE-617 The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the migrate code of the Linux kernel's drm/xe driver, where infinite recursion can happen because the bounce buffer is allocated on the stack and may be misaligned. When the buffer plus offset is not aligned to XE_CACHELINE_BYTES, a bounce buffer is used. However, this bounce buffer is only naturally aligned to u8, not to XE_CACHELINE_BYTES. If the bounce buffer is also misaligned, the function recurses again, and each new stack buffer may be misaligned in turn, so the recursion can continue until the kernel stack overflows and the kernel panics. The fix allocates the bounce buffer with kmalloc, which respects the power-of-two alignment request, preventing the infinite recursion and kernel panic.
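
The recursion described above can be modelled in userspace. The following is an added example, not code from the kernel or from this page: the function names, the value 64 for the cacheline size, the MAX_DEPTH guard and the use of aligned_alloc() in place of kmalloc() are all assumptions, and the stack buffer is deliberately placed at the worst-case (misaligned) address the stack permits.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CACHELINE 64u /* stand-in for XE_CACHELINE_BYTES; value assumed */
#define MAX_DEPTH 32  /* model-only guard; the pre-fix path had no bound */
_Static_assert((CACHELINE & (CACHELINE - 1)) == 0, "power-of-two check, as in the fix");

static int is_aligned(const void *p) { return ((uintptr_t)p & (CACHELINE - 1)) == 0; }

/* Pre-fix shape: stack bounce buffer, u8-aligned only; -ELOOP = model guard hit. */
int access_stack_bounce(const unsigned char *buf, int depth)
{
    unsigned char raw[CACHELINE + 1];
    /* Assumption: pick the worst case the stack permits, a misaligned buffer. */
    unsigned char *bounce = is_aligned(raw) ? raw + 1 : raw;
    if (is_aligned(buf)) return depth;       /* aligned: transfer directly */
    if (depth >= MAX_DEPTH) return -ELOOP;   /* real code keeps recursing */
    memcpy(bounce, buf, CACHELINE);
    return access_stack_bounce(bounce, depth + 1);
}

/* Fixed shape: aligned_alloc() stands in for kmalloc() honouring the alignment. */
int access_heap_bounce(const unsigned char *buf, int depth)
{
    unsigned char *bounce;
    int ret;
    if (is_aligned(buf)) return depth;
    bounce = aligned_alloc(CACHELINE, CACHELINE);
    if (!bounce) return -ENOMEM;             /* matches the v2 s/EINVAL/ENOMEM/ */
    memcpy(bounce, buf, CACHELINE);
    ret = access_heap_bounce(bounce, depth + 1);
    free(bounce);
    return ret;
}

/* Constructed input: a pointer that is never cacheline aligned. */
int run_model(int fixed)
{
    static unsigned char src[2 * CACHELINE];
    const unsigned char *mis = is_aligned(src + 1) ? src + 2 : src + 1;
    return fixed ? access_heap_bounce(mis, 0) : access_stack_bounce(mis, 0);
}

int main(void)
{
    printf("stack bounce: %d, heap bounce: %d\n", run_model(0), run_model(1));
}
```

With the stack buffer the model only stops because of its depth guard; with the aligned allocation the recursion ends after one bounce.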


How can this vulnerability impact me?

This vulnerability can cause a kernel panic due to infinite recursion and stack overflow when the affected code path is triggered. This can lead to system instability, crashes, and potential denial of service on systems running the vulnerable Linux kernel.


What immediate steps should I take to mitigate this vulnerability?

Update the Linux kernel to a version that includes the fix for this vulnerability, which replaces the stack-allocated bounce buffer with a kmalloc-allocated buffer to prevent infinite recursion and kernel panic. Avoid triggering the vulnerable code path through eudebug until the patch is applied.

