CVE-2025-23162

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-23162
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-23162.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-23162
Downstream
Published
2025-05-01T13:15:52Z
Modified
2025-05-08T23:01:21Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/vf: Don't try to trigger a full GT reset if VF

VFs don't have access to the GDRST(0x941c) register that driver uses to reset a GT. Attempt to trigger a reset using debugfs:

$ cat /sys/kernel/debug/dri/0000:00:02.1/gt0/force_reset

or due to a hang condition detected by the driver leads to:

[ ] xe 0000:00:02.1: [drm] GT0: trying reset from forcereset [xe] [ ] xe 0000:00:02.1: [drm] GT0: reset queued [ ] xe 0000:00:02.1: [drm] GT0: reset started [ ] ------------[ cut here ]------------ [ ] xe 0000:00:02.1: [drm] GT0: VF is trying to write 0x1 to an inaccessible register 0x941c+0x0 [ ] WARNING: CPU: 3 PID: 3069 at drivers/gpu/drm/xe/xegtsriovvf.c:996 xegtsriovvfwrite32+0xc6/0x580 [xe] [ ] RIP: 0010:xegtsriovvfwrite32+0xc6/0x580 [xe] [ ] Call Trace: [ ] <TASK> [ ] ? showregs+0x6c/0x80 [ ] ? _warn+0x93/0x1c0 [ ] ? xegtsriovvfwrite32+0xc6/0x580 [xe] [ ] ? reportbug+0x182/0x1b0 [ ] ? handlebug+0x6e/0xb0 [ ] ? excinvalidop+0x18/0x80 [ ] ? asmexcinvalidop+0x1b/0x20 [ ] ? xegtsriovvfwrite32+0xc6/0x580 [xe] [ ] ? xegtsriovvfwrite32+0xc6/0x580 [xe] [ ] ? xegttlbinvalidationreset+0xef/0x110 [xe] [ ] ? _mutexunlockslowpath+0x41/0x2e0 [ ] xemmiowrite32+0x64/0x150 [xe] [ ] dogtreset+0x2f/0xa0 [xe] [ ] gtresetworker+0x14e/0x1e0 [xe] [ ] processonework+0x21c/0x740 [ ] worker_thread+0x1db/0x3c0

Fix that by sending H2G VF_RESET(0x5507) action instead.

References

Affected packages

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.12.25-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}