2391062 – (CVE-2025-38511) CVE-2025-38511 kernel: drm/xe/pf: Clear all LMTT pages on alloc

Bug 2391062 (CVE-2025-38511) - CVE-2025-38511 kernel: drm/xe/pf: Clear all LMTT pages on alloc

Summary: CVE-2025-38511 kernel: drm/xe/pf: Clear all LMTT pages on alloc

Keywords:
Status:	NEW
Alias:	CVE-2025-38511
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-08-26 15:09 UTC by OSIDB Bzimport
Modified:	2025-08-26 16:03 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-08-26 15:09:21 UTC

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/pf: Clear all LMTT pages on alloc

Our LMEM buffer objects are not cleared by default on alloc
and during VF provisioning we only setup LMTT PTEs for the
actually provisioned LMEM range. But beyond that valid range
we might leave some stale data that could either point to some
other VFs allocations or even to the PF pages.

Explicitly clear all new LMTT page to avoid the risk that a
malicious VF would try to exploit that gap.

While around add asserts to catch any undesired PTE overwrites
and low-level debug traces to track LMTT PT life-cycle.

(cherry picked from commit 3fae6918a3e27cce20ded2551f863fb05d4bef8d)

Comment 1 Jon Moroney 2025-08-26 16:01:21 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025081651-CVE-2025-38511-5370@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.