ghsa-rvcv-v2wq-wg64
Vulnerability from github
Published
2025-05-01 15:31
Modified
2025-05-01 15:31
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/vf: Don't try to trigger a full GT reset if VF

VFs don't have access to the GDRST(0x941c) register that driver uses to reset a GT. Attempt to trigger a reset using debugfs:

$ cat /sys/kernel/debug/dri/0000:00:02.1/gt0/force_reset

or due to a hang condition detected by the driver leads to:

[ ] xe 0000:00:02.1: [drm] GT0: trying reset from force_reset [xe] [ ] xe 0000:00:02.1: [drm] GT0: reset queued [ ] xe 0000:00:02.1: [drm] GT0: reset started [ ] ------------[ cut here ]------------ [ ] xe 0000:00:02.1: [drm] GT0: VF is trying to write 0x1 to an inaccessible register 0x941c+0x0 [ ] WARNING: CPU: 3 PID: 3069 at drivers/gpu/drm/xe/xe_gt_sriov_vf.c:996 xe_gt_sriov_vf_write32+0xc6/0x580 [xe] [ ] RIP: 0010:xe_gt_sriov_vf_write32+0xc6/0x580 [xe] [ ] Call Trace: [ ] [ ] ? show_regs+0x6c/0x80 [ ] ? __warn+0x93/0x1c0 [ ] ? xe_gt_sriov_vf_write32+0xc6/0x580 [xe] [ ] ? report_bug+0x182/0x1b0 [ ] ? handle_bug+0x6e/0xb0 [ ] ? exc_invalid_op+0x18/0x80 [ ] ? asm_exc_invalid_op+0x1b/0x20 [ ] ? xe_gt_sriov_vf_write32+0xc6/0x580 [xe] [ ] ? xe_gt_sriov_vf_write32+0xc6/0x580 [xe] [ ] ? xe_gt_tlb_invalidation_reset+0xef/0x110 [xe] [ ] ? __mutex_unlock_slowpath+0x41/0x2e0 [ ] xe_mmio_write32+0x64/0x150 [xe] [ ] do_gt_reset+0x2f/0xa0 [xe] [ ] gt_reset_worker+0x14e/0x1e0 [xe] [ ] process_one_work+0x21c/0x740 [ ] worker_thread+0x1db/0x3c0

Fix that by sending H2G VF_RESET(0x5507) action instead.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2025-23162"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-01T13:15:52Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/vf: Don\u0027t try to trigger a full GT reset if VF\n\nVFs don\u0027t have access to the GDRST(0x941c) register that driver\nuses to reset a GT. Attempt to trigger a reset using debugfs:\n\n $ cat /sys/kernel/debug/dri/0000:00:02.1/gt0/force_reset\n\nor due to a hang condition detected by the driver leads to:\n\n [ ] xe 0000:00:02.1: [drm] GT0: trying reset from force_reset [xe]\n [ ] xe 0000:00:02.1: [drm] GT0: reset queued\n [ ] xe 0000:00:02.1: [drm] GT0: reset started\n [ ] ------------[ cut here ]------------\n [ ] xe 0000:00:02.1: [drm] GT0: VF is trying to write 0x1 to an inaccessible register 0x941c+0x0\n [ ] WARNING: CPU: 3 PID: 3069 at drivers/gpu/drm/xe/xe_gt_sriov_vf.c:996 xe_gt_sriov_vf_write32+0xc6/0x580 [xe]\n [ ] RIP: 0010:xe_gt_sriov_vf_write32+0xc6/0x580 [xe]\n [ ] Call Trace:\n [ ]  \u003cTASK\u003e\n [ ]  ? show_regs+0x6c/0x80\n [ ]  ? __warn+0x93/0x1c0\n [ ]  ? xe_gt_sriov_vf_write32+0xc6/0x580 [xe]\n [ ]  ? report_bug+0x182/0x1b0\n [ ]  ? handle_bug+0x6e/0xb0\n [ ]  ? exc_invalid_op+0x18/0x80\n [ ]  ? asm_exc_invalid_op+0x1b/0x20\n [ ]  ? xe_gt_sriov_vf_write32+0xc6/0x580 [xe]\n [ ]  ? xe_gt_sriov_vf_write32+0xc6/0x580 [xe]\n [ ]  ? xe_gt_tlb_invalidation_reset+0xef/0x110 [xe]\n [ ]  ? __mutex_unlock_slowpath+0x41/0x2e0\n [ ]  xe_mmio_write32+0x64/0x150 [xe]\n [ ]  do_gt_reset+0x2f/0xa0 [xe]\n [ ]  gt_reset_worker+0x14e/0x1e0 [xe]\n [ ]  process_one_work+0x21c/0x740\n [ ]  worker_thread+0x1db/0x3c0\n\nFix that by sending H2G VF_RESET(0x5507) action instead.",
  "id": "GHSA-rvcv-v2wq-wg64",
  "modified": "2025-05-01T15:31:41Z",
  "published": "2025-05-01T15:31:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23162"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2eec2fa8666dcecebae33a565a818c9de9af8b50"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/459777724d306315070d24608fcd89aea85516d6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/90b16edb3213e4ae4a3138bb20703ae367e88a01"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a9bc61a61372897886f58fdaa5582e3f7bf9a50b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.