CVE-2025-38036 (GCVE-0-2025-38036)

Vulnerability from cvelistv5 – Published: 2025-06-18 09:33 – Updated: 2025-06-19 13:10
VLAI?
Summary
In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Perform early GT MMIO initialization to read GMDID VFs need to communicate with the GuC to obtain the GMDID value and existing GuC functions used for that assume that the GT has it's MMIO members already setup. However, due to recent refactoring the gt->mmio is initialized later, and any attempt by the VF to use xe_mmio_read|write() from GuC functions will lead to NPD crash due to unset MMIO register address: [] xe 0000:00:02.1: [drm] Running in SR-IOV VF mode [] xe 0000:00:02.1: [drm] GT0: sending H2G MMIO 0x5507 [] BUG: unable to handle page fault for address: 0000000000190240 Since we are already tweaking the id and type of the primary GT to mimic it's a Media GT before initializing the GuC communication, we can also call xe_gt_mmio_init() to perform early setup of the gt->mmio which will make those GuC functions work again.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: dd08ebf6c3525a7ea2186e636df064ea47281987 , < ef6e950aea76a5009ccc79ebfa955ecc66cd85a2 (git)
Affected: dd08ebf6c3525a7ea2186e636df064ea47281987 , < 13265fe7426ec9ba5aa86baab913417ca361e8a4 (git)
Create a notification for this product.
    Linux Linux Affected: 6.8
Unaffected: 0 , < 6.8 (semver)
Unaffected: 6.14.9 , ≤ 6.14.* (semver)
Unaffected: 6.15 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/xe/xe_pci.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ef6e950aea76a5009ccc79ebfa955ecc66cd85a2",
              "status": "affected",
              "version": "dd08ebf6c3525a7ea2186e636df064ea47281987",
              "versionType": "git"
            },
            {
              "lessThan": "13265fe7426ec9ba5aa86baab913417ca361e8a4",
              "status": "affected",
              "version": "dd08ebf6c3525a7ea2186e636df064ea47281987",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/xe/xe_pci.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.9",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/vf: Perform early GT MMIO initialization to read GMDID\n\nVFs need to communicate with the GuC to obtain the GMDID value\nand existing GuC functions used for that assume that the GT has\nit\u0027s MMIO members already setup. However, due to recent refactoring\nthe gt-\u003emmio is initialized later, and any attempt by the VF to use\nxe_mmio_read|write() from GuC functions will lead to NPD crash due\nto unset MMIO register address:\n\n[] xe 0000:00:02.1: [drm] Running in SR-IOV VF mode\n[] xe 0000:00:02.1: [drm] GT0: sending H2G MMIO 0x5507\n[] BUG: unable to handle page fault for address: 0000000000190240\n\nSince we are already tweaking the id and type of the primary GT to\nmimic it\u0027s a Media GT before initializing the GuC communication,\nwe can also call xe_gt_mmio_init() to perform early setup of the\ngt-\u003emmio which will make those GuC functions work again."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-19T13:10:58.362Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ef6e950aea76a5009ccc79ebfa955ecc66cd85a2"
        },
        {
          "url": "https://git.kernel.org/stable/c/13265fe7426ec9ba5aa86baab913417ca361e8a4"
        }
      ],
      "title": "drm/xe/vf: Perform early GT MMIO initialization to read GMDID",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38036",
    "datePublished": "2025-06-18T09:33:22.928Z",
    "dateReserved": "2025-04-16T04:51:23.978Z",
    "dateUpdated": "2025-06-19T13:10:58.362Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-38036\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-06-18T10:15:35.897\",\"lastModified\":\"2025-11-14T17:08:38.437\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ndrm/xe/vf: Perform early GT MMIO initialization to read GMDID\\n\\nVFs need to communicate with the GuC to obtain the GMDID value\\nand existing GuC functions used for that assume that the GT has\\nit\u0027s MMIO members already setup. However, due to recent refactoring\\nthe gt-\u003emmio is initialized later, and any attempt by the VF to use\\nxe_mmio_read|write() from GuC functions will lead to NPD crash due\\nto unset MMIO register address:\\n\\n[] xe 0000:00:02.1: [drm] Running in SR-IOV VF mode\\n[] xe 0000:00:02.1: [drm] GT0: sending H2G MMIO 0x5507\\n[] BUG: unable to handle page fault for address: 0000000000190240\\n\\nSince we are already tweaking the id and type of the primary GT to\\nmimic it\u0027s a Media GT before initializing the GuC communication,\\nwe can also call xe_gt_mmio_init() to perform early setup of the\\ngt-\u003emmio which will make those GuC functions work again.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/xe/vf: Realizar una inicializaci\u00f3n temprana de MMIO de GT para leer GMDID. Los VF deben comunicarse con el GuC para obtener el valor GMDID y las funciones GuC existentes utilizadas para eso suponen que el GT ya tiene configurados sus miembros MMIO. Sin embargo, debido a una refactorizaci\u00f3n reciente, gt-\u0026gt;mmio se inicializa m\u00e1s tarde y cualquier intento del VF de usar xe_mmio_read|write() desde las funciones GuC provocar\u00e1 un bloqueo de NPD debido a una direcci\u00f3n de registro MMIO no establecida: [] xe 0000:00:02.1: [drm] Ejecutando en modo SR-IOV VF [] xe 0000:00:02.1: [drm] GT0: enviando H2G MMIO 0x5507 [] ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: 0000000000190240 Dado que ya estamos ajustando el id y el tipo del GT principal para imitar que es un Media GT antes de inicializar la comunicaci\u00f3n GuC, tambi\u00e9n podemos llamar a xe_gt_mmio_init() para realizar una configuraci\u00f3n temprana de gt-\u0026gt;mmio que har\u00e1 que esas funciones GuC funcionen nuevamente.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.8\",\"versionEndExcluding\":\"6.14.9\",\"matchCriteriaId\":\"B4A8109C-7EEC-41C4-A552-73A6F2581578\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/13265fe7426ec9ba5aa86baab913417ca361e8a4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ef6e950aea76a5009ccc79ebfa955ecc66cd85a2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.