CVE-2025-38356

During driver probe we might be briefly using CT safe mode, which is based on a delayed work, but usually we are able to stop this once we have IRQ fully operational. However, if we abort the probe quite early then during unwind we might try to destroy the workqueue while there is still a pending delayed work that attempts to restart itself which triggers a WARN.

This was recently observed during unsuccessful VF initialization:

[ ] xe 0000:00:02.1: probe with driver xe failed with error -62 [ ] ------------[ cut here ]------------ [ ] workqueue: cannot queue safemodeworkerfunc [xe] on wq xe-g2h-wq [ ] WARNING: CPU: 9 PID: 0 at kernel/workqueue.c:2257 queuework+0x287/0x710 [ ] RIP: 0010:queuework+0x287/0x710 [ ] Call Trace: [ ] delayedworktimerfn+0x19/0x30 [ ] calltimerfn+0xa1/0x2a0

Exit the CT safe mode on unwind to avoid that warning.

(cherry picked from commit 2ddbb73ec20b98e70a5200cb85deade22ccea2ec)

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

09b286950f2911615694f4a1ff491efe9ed5eeba

Fixed

6d0b588614c43d6334b2d7a70a99f31f7b14ecc0

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

09b286950f2911615694f4a1ff491efe9ed5eeba

Fixed

f161e905b08ae8a513c5a36a10e3163e9920cfe6

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

09b286950f2911615694f4a1ff491efe9ed5eeba

Fixed

ad40098da5c3b43114d860a5b5740e7204158534

Affected versions

v6.*

v6.10

v6.10-rc1

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.11

v6.11-rc1

v6.11-rc2

v6.11-rc3

v6.11-rc4

v6.11-rc5

v6.11-rc6

v6.11-rc7

v6.12

v6.12-rc1

v6.12-rc2

v6.12-rc3

v6.12-rc4

v6.12-rc5

v6.12-rc6

v6.12-rc7

v6.12.1

v6.12.10

v6.12.11

v6.12.12

v6.12.13

v6.12.14

v6.12.15

v6.12.16

v6.12.17

v6.12.18

v6.12.19

v6.12.2

v6.12.20

v6.12.21

v6.12.22

v6.12.23

v6.12.24

v6.12.25

v6.12.26

v6.12.27

v6.12.28

v6.12.29

v6.12.3

v6.12.30

v6.12.31

v6.12.32

v6.12.33

v6.12.34

v6.12.35

v6.12.36

v6.12.4

v6.12.5

v6.12.6

v6.12.7

v6.12.8

v6.12.9

v6.13

v6.13-rc1

v6.13-rc2

v6.13-rc3

v6.13-rc4

v6.13-rc5

v6.13-rc6

v6.13-rc7

v6.14

v6.14-rc1

v6.14-rc2

v6.14-rc3

v6.14-rc4

v6.14-rc5

v6.14-rc6

v6.14-rc7

v6.15

v6.15-rc1

v6.15-rc2

v6.15-rc3

v6.15-rc4

v6.15-rc5

v6.15-rc6

v6.15-rc7

v6.15.1

v6.15.2

v6.15.3

v6.15.4

v6.16-rc1

v6.16-rc2

v6.16-rc3

v6.9

v6.9-rc7

Database specific

vanir_signatures

[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "290414354687181551564984864401346490580",
                "117668919183541900218372377396018707315",
                "147016311005113255959526145270121112676",
                "222660639816194480511421252697216547484",
                "158244493268525218360148717370575386289",
                "302746748229024687341365882554264880490",
                "40650197639894785798308319011085727652",
                "285294057751367553268848810081778669910",
                "219431158408252983789492553936285220232",
                "66588852596332835500889584115176187933",
                "115654089384904839096234767646206502262",
                "254171317573070480848318865513353855712"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "drivers/gpu/drm/xe/xe_guc_ct.c"
        },
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6d0b588614c43d6334b2d7a70a99f31f7b14ecc0",
        "signature_version": "v1",
        "id": "CVE-2025-38356-1e3750d2"
    },
    {
        "digest": {
            "function_hash": "246011651196899298694396401776925186305",
            "length": 147.0
        },
        "signature_type": "Function",
        "target": {
            "function": "guc_ct_fini",
            "file": "drivers/gpu/drm/xe/xe_guc_ct.c"
        },
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ad40098da5c3b43114d860a5b5740e7204158534",
        "signature_version": "v1",
        "id": "CVE-2025-38356-6c2101ab"
    },
    {
        "digest": {
            "function_hash": "246011651196899298694396401776925186305",
            "length": 147.0
        },
        "signature_type": "Function",
        "target": {
            "function": "guc_ct_fini",
            "file": "drivers/gpu/drm/xe/xe_guc_ct.c"
        },
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6d0b588614c43d6334b2d7a70a99f31f7b14ecc0",
        "signature_version": "v1",
        "id": "CVE-2025-38356-8800daf5"
    },
    {
        "digest": {
            "function_hash": "246011651196899298694396401776925186305",
            "length": 147.0
        },
        "signature_type": "Function",
        "target": {
            "function": "guc_ct_fini",
            "file": "drivers/gpu/drm/xe/xe_guc_ct.c"
        },
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f161e905b08ae8a513c5a36a10e3163e9920cfe6",
        "signature_version": "v1",
        "id": "CVE-2025-38356-b102722c"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "290414354687181551564984864401346490580",
                "117668919183541900218372377396018707315",
                "147016311005113255959526145270121112676",
                "222660639816194480511421252697216547484",
                "158244493268525218360148717370575386289",
                "302746748229024687341365882554264880490",
                "40650197639894785798308319011085727652",
                "285294057751367553268848810081778669910",
                "219431158408252983789492553936285220232",
                "66588852596332835500889584115176187933",
                "115654089384904839096234767646206502262",
                "254171317573070480848318865513353855712"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "drivers/gpu/drm/xe/xe_guc_ct.c"
        },
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f161e905b08ae8a513c5a36a10e3163e9920cfe6",
        "signature_version": "v1",
        "id": "CVE-2025-38356-ee7f549e"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "290414354687181551564984864401346490580",
                "117668919183541900218372377396018707315",
                "147016311005113255959526145270121112676",
                "222660639816194480511421252697216547484",
                "158244493268525218360148717370575386289",
                "302746748229024687341365882554264880490",
                "40650197639894785798308319011085727652",
                "285294057751367553268848810081778669910",
                "219431158408252983789492553936285220232",
                "66588852596332835500889584115176187933",
                "115654089384904839096234767646206502262",
                "254171317573070480848318865513353855712"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "drivers/gpu/drm/xe/xe_guc_ct.c"
        },
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ad40098da5c3b43114d860a5b5740e7204158534",
        "signature_version": "v1",
        "id": "CVE-2025-38356-f28c233f"
    }
]

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.11.0

Fixed

6.12.37

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.15.5