CVE-2025-23162

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-23162
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-23162.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-23162
Downstream
Published
2025-05-01T12:55:46Z
Modified
2025-10-10T09:35:31.476340Z
Summary
drm/xe/vf: Don't try to trigger a full GT reset if VF
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/vf: Don't try to trigger a full GT reset if VF

VFs don't have access to the GDRST(0x941c) register that driver uses to reset a GT. Attempt to trigger a reset using debugfs:

$ cat /sys/kernel/debug/dri/0000:00:02.1/gt0/force_reset

or due to a hang condition detected by the driver leads to:

[ ] xe 0000:00:02.1: [drm] GT0: trying reset from forcereset [xe] [ ] xe 0000:00:02.1: [drm] GT0: reset queued [ ] xe 0000:00:02.1: [drm] GT0: reset started [ ] ------------[ cut here ]------------ [ ] xe 0000:00:02.1: [drm] GT0: VF is trying to write 0x1 to an inaccessible register 0x941c+0x0 [ ] WARNING: CPU: 3 PID: 3069 at drivers/gpu/drm/xe/xegtsriovvf.c:996 xegtsriovvfwrite32+0xc6/0x580 [xe] [ ] RIP: 0010:xegtsriovvfwrite32+0xc6/0x580 [xe] [ ] Call Trace: [ ] <TASK> [ ] ? showregs+0x6c/0x80 [ ] ? _warn+0x93/0x1c0 [ ] ? xegtsriovvfwrite32+0xc6/0x580 [xe] [ ] ? reportbug+0x182/0x1b0 [ ] ? handlebug+0x6e/0xb0 [ ] ? excinvalidop+0x18/0x80 [ ] ? asmexcinvalidop+0x1b/0x20 [ ] ? xegtsriovvfwrite32+0xc6/0x580 [xe] [ ] ? xegtsriovvfwrite32+0xc6/0x580 [xe] [ ] ? xegttlbinvalidationreset+0xef/0x110 [xe] [ ] ? _mutexunlockslowpath+0x41/0x2e0 [ ] xemmiowrite32+0x64/0x150 [xe] [ ] dogtreset+0x2f/0xa0 [xe] [ ] gtresetworker+0x14e/0x1e0 [xe] [ ] processonework+0x21c/0x740 [ ] worker_thread+0x1db/0x3c0

Fix that by sending H2G VF_RESET(0x5507) action instead.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
dd08ebf6c3525a7ea2186e636df064ea47281987
Fixed
2eec2fa8666dcecebae33a565a818c9de9af8b50
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
dd08ebf6c3525a7ea2186e636df064ea47281987
Fixed
90b16edb3213e4ae4a3138bb20703ae367e88a01
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
dd08ebf6c3525a7ea2186e636df064ea47281987
Fixed
a9bc61a61372897886f58fdaa5582e3f7bf9a50b
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
dd08ebf6c3525a7ea2186e636df064ea47281987
Fixed
459777724d306315070d24608fcd89aea85516d6

Affected versions

v6.*

v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.3
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.13.1
v6.13.10
v6.13.11
v6.13.2
v6.13.3
v6.13.4
v6.13.5
v6.13.6
v6.13.7
v6.13.8
v6.13.9
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.14.1
v6.14.2
v6.7
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.8.0
Fixed
6.12.24
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.13.12
Type
ECOSYSTEM
Events
Introduced
6.14.0
Fixed
6.14.3