CVE-2025-38511 is an information-disclosure flaw in the drm/xe/pf component (Direct Rendering Manager / Xe GPU driver, Physical Function side) of the Linux kernel. When the kernel allocates Local Memory Translation Table (LMTT) pages for a Virtual Function (VF), it does not clear the newly allocated memory. Provisioning only writes valid LMTT Page Table Entries (PTEs) for the specific LMEM range assigned to the VF; the rest of each LMTT page, outside the provisioned range, keeps whatever stale data it held before. That uninitialized memory can contain residual pointers or data from earlier allocations, potentially belonging to other VFs or to the Physical Function (PF) itself. A malicious VF could exploit this by attempting to read from these uninitialized LMTT regions, resulting in disclosure of sensitive kernel memory contents.
Platform: Linux Kernel
Version: drm/xe/pf
Vulnerability: Information Disclosure
Severity: Medium
Date: 08/16/2025
Prediction: Patch expected by 08/30/2025
What Undercode Says:
git show 3fae6918a3e27cce20ded2551f863fb05d4bef8d
cat /sys/kernel/debug/xe/pf/lmtt
dmesg | grep -i "LMTT"
// Code snippet from the patch clearing LMTT pages
memset(lmtt_page, 0, PAGE_SIZE);
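As an added illustration that is not the Xe driver's code or the patch itself: a toy model of the defect, in which a reused page is provisioned only for the VF's range, beside the patched behaviour that clears the whole page first. The page size, PTE layout, pool allocator and the stale contents are constructed assumptions; the audit function counts out-of-range PTEs that still carry a valid bit, which is the check a reviewer would want to see pass after the fix.

```c
#include <assert.h>
#include <stdint.h>
#include <string.h>

/* Toy model, not the Xe driver's code: one LMTT page holds PTES_PER_PAGE
 * 64-bit PTEs, and the "allocator" hands back a page a previous owner already
 * used, without clearing it (the situation the CVE describes). */
#define PTES_PER_PAGE 64u
#define PTE_VALID     0x1ULL
typedef uint64_t lmtt_pte_t;

/* Single backing page standing in for a reused allocation. */
static lmtt_pte_t pool_page[PTES_PER_PAGE];

static lmtt_pte_t *pool_alloc_page(void) { return pool_page; } /* no zeroing */

/* Constructed stale contents: a prior VF/PF owner left valid PTEs behind. */
static void simulate_prior_owner(void)
{
    for (unsigned i = 0; i < PTES_PER_PAGE; i++)
        pool_page[i] = 0xDEAD000000000000ULL | ((uint64_t)i << 12) | PTE_VALID;
}

/* Provision the VF's [first, first+count) range. With clear_page == 0 this is
 * the unpatched behaviour: every PTE outside the range keeps the previous
 * owner's value. With clear_page != 0 the whole page is zeroed first, as the
 * patch's memset does, so out-of-range PTEs are guaranteed invalid. */
static lmtt_pte_t *provision_vf(unsigned first, unsigned count, int clear_page)
{
    lmtt_pte_t *page = pool_alloc_page();
    if (clear_page)
        memset(page, 0, PTES_PER_PAGE * sizeof(lmtt_pte_t));
    for (unsigned i = first; i < first + count && i < PTES_PER_PAGE; i++)
        page[i] = ((uint64_t)i << 12) | PTE_VALID;
    return page;
}

/* Audit check: count PTEs outside the provisioned range that still carry the
 * valid bit, i.e. stale mappings the VF was never provisioned with. */
static unsigned stale_ptes_outside(const lmtt_pte_t *page, unsigned first, unsigned count)
{
    unsigned stale = 0;
    for (unsigned i = 0; i < PTES_PER_PAGE; i++)
        if ((i < first || i >= first + count) && (page[i] & PTE_VALID))
            stale++;
    return stale;
}
```

Provisioning entries 8..23 of a 64-entry page leaves 48 stale valid PTEs in the unpatched path and none once the page is cleared first.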
How the Exploit Works:
A malicious VF probes unmapped LMTT regions, reads stale PTE data from the uncleared pages, and extracts pointers to PF or other VF memory.
Protection from this CVE:
Apply kernel patch 3fae6918a3e2, or update to a kernel version that includes the fix. Enable kernel page poisoning when debugging.
Impact:
Information disclosure, with potential kernel pointer leakage and a resulting privilege-escalation risk.
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode