CVE-2025-40086
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-30

Last updated on: 2025-10-30

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds An array of VM binds can potentially evict other buffer objects (BOs) within the same VM under certain conditions, which may lead to NULL pointer dereferences later in the bind pipeline. To prevent this, clear the allow_res_evict flag in the xe_bo_validate call. v2: - Invert polarity of no_res_evict (Thomas) - Add comment in code explaining issue (Thomas) (cherry picked from commit 8b9ba8d6d95fe75fed6b0480bb03da4b321bea08)
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-30
Last Modified
2025-10-30
Generated
2026-06-16
AI Q&A
2025-10-30
EPSS Evaluated
2026-06-15
NVD
CVE-2025-40086
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel's drm/xe component involves the improper handling of buffer objects (BOs) within the same virtual machine (VM) when using an array of VM binds. Specifically, the system could evict BOs in the same VM under certain conditions, which may cause NULL pointer dereferences later in the bind pipeline. The fix involves clearing the allow_res_evict flag in the xe_bo_validate call to prevent such evictions.

Impact Analysis

The vulnerability can lead to NULL pointer dereferences during the bind pipeline in the Linux kernel's drm/xe component. This could cause system instability, crashes, or denial of service conditions when handling buffer objects within the same VM, potentially affecting system reliability and availability.

Mitigation Strategies

Apply the patch that clears the allow_res_evict flag in the xe_bo_validate call in the Linux kernel drm/xe driver to prevent eviction of buffer objects within the same VM. This involves updating the kernel to the fixed version containing the commit 8b9ba8d6d95fe75fed6b0480bb03da4b321bea08.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40086. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart