CVE-2025-68193
BaseFortify
Publication date: 2025-12-16
Last updated on: 2025-12-18
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's drm/xe/guc driver where a buffer object (BO) allocated with the XE_BO_FLAG_GGTT_INVALIDATE flag is released prematurely. The driver uses the CTB mechanism to initiate TLB invalidation requests when releasing the BO, but if the CTB BO is released too early, it can cause system crashes due to a use-after-free scenario. The fix involves adding a devm-managed release action to ensure the CTB is properly disabled before resources are deallocated, preventing this unsafe condition.
How can this vulnerability impact me? :
This vulnerability can lead to system crashes in affected Linux kernel environments, potentially causing instability or denial of service. If exploited or triggered, it may disrupt normal system operations, affecting reliability and availability.
What immediate steps should I take to mitigate this vulnerability?
Update the Linux kernel to a version that includes the fix for this vulnerability, which introduces a devm-managed release action during xe_guc_ct_init() and xe_guc_ct_init_post_hwconfig() to ensure proper CTB disablement before resource deallocation, preventing system crashes due to use-after-free. This update prevents premature release of the CTB BO and related system crashes.