logo_clicknbuy.png

CVE-2025-38511 – Linux Kernel Xe DRM Uninitialized Data Exposure Vulnerability

The following table lists the changes that have been made to the
CVE-2025-38511 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Aug. 16, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved:

    drm/xe/pf: Clear all LMTT pages on alloc

    Our LMEM buffer objects are not cleared by default on alloc
    and during VF provisioning we only setup LMTT PTEs for the
    actually provisioned LMEM range. But beyond that valid range
    we might leave some stale data that could either point to some
    other VFs allocations or even to the PF pages.

    Explicitly clear all new LMTT page to avoid the risk that a
    malicious VF would try to exploit that gap.

    While around add asserts to catch any undesired PTE overwrites
    and low-level debug traces to track LMTT PT life-cycle.

    (cherry picked from commit 3fae6918a3e27cce20ded2551f863fb05d4bef8d)
    Added Reference https://git.kernel.org/stable/c/5d21892c2e15b6a27f8bc907693eca7c6b7cc269
    Added Reference https://git.kernel.org/stable/c/705a412a367f383430fa34bada387af2e52eb043
    Added Reference https://git.kernel.org/stable/c/ff4b8c9ade1b82979fdd01e6f45b60f92eed26d8
Share the Post:

Related Posts