cbcvebase.
CVE-2025-38389
published 2025-07-25

CVE-2025-38389: In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Fix timeline left held on VMA alloc error The following error has been…

high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Fix timeline left held on VMA alloc error The following error has been reported sporadically by CI when a test unbinds the i915 driver on a ring submission platform: [239.330153] ------------[ cut here ]------------ [239.330166] i915 0000:00:02.0: [drm] drm_WARN_ON(dev_priv->mm.shrink_count) [239.330196] WARNING: CPU: 1 PID: 18570 at drivers/gpu/drm/i915/i915_gem.c:1309 i915_gem_cleanup_early+0x13e/0x150 [i915] ... [239.330640] RIP: 0010:i915_gem_cleanup_early+0x13e/0x150 [i915] ... [239.330942] Call Trace: [239.330944] [239.330949] i915_driver_late_release+0x2b/0xa0 [i915] [239.331202] i915_driver_release+0x86/0xa0 [i915] [239.331482] devm_drm_dev_init_release+0x61/0x90 [239.331494] devm_action_release+0x15/0x30 [239.331504] release_nodes+0x3d/0x120 [239.331517] devres_release_all+0x96/0xd0 [239.331533] device_unbind_cleanup+0x12/0x80 [239.331543] device_release_driver_internal+0x23a/0x280 [239.331550] ? bus_find_device+0xa5/0xe0 [239.331563] device_driver_detach+0x14/0x20 ... [357.719679] ---[ end trace 0000000000000000 ]--- If the test also unloads the i915 module then that's followed with: [357.787478] ============================================================================= [357.788006] BUG i915_vma (Tainted: G U W N ): Objects remaining on __kmem_cache_shutdown() [357.788031] ----------------------------------------------------------------------------- [357.788204] Object 0xffff888109e7f480 @offset=29824 [357.788670] Allocated in i915_vma_instance+0xee/0xc10 [i915] age=292729 cpu=4 pid=2244 [357.788994] i915_vma_instance+0xee/0xc10 [i915] [357.789290] init_status_page+0x7b/0x420 [i915] [357.789532] intel_engines_init+0x1d8/0x980 [i915] [357.789772] intel_gt_init+0x175/0x450 [i915] [357.790014] i915_gem_init+0x113/0x340 [i915] [357.790281] i915_driver_probe+0x847/0xed0 [i915] [357.790504] i915_pci_probe+0xe6/0x220 [i915] ... Closer analysis of CI results history has revea

Affected

38 ranges· showing 25
VendorProductVersion rangeFixed in
debiandebian_linux
debianlinux< linux 6.1.147-1 (bookworm)linux 6.1.147-1 (bookworm)
debianlinux-6.1< linux 6.1.147-1 (bookworm)linux 6.1.147-1 (bookworm)
linuxlinux
linuxlinux>= 75d0a7f31eec8ec4a53b4485905800e09dc5091f < 60b757730884e4a223152a68d9b5f625dac9411960b757730884e4a223152a68d9b5f625dac94119
linuxlinux>= 75d0a7f31eec8ec4a53b4485905800e09dc5091f < e47d7d6edc40a6ace7cc04e5893759fee68569f5e47d7d6edc40a6ace7cc04e5893759fee68569f5
linuxlinux>= 75d0a7f31eec8ec4a53b4485905800e09dc5091f < f10af34261448610d4048ac6e6af87f80e3881a4f10af34261448610d4048ac6e6af87f80e3881a4
linuxlinux>= 75d0a7f31eec8ec4a53b4485905800e09dc5091f < 4c778c96e469fb719b11683e0a3be8ea68052fa24c778c96e469fb719b11683e0a3be8ea68052fa2
linuxlinux>= 75d0a7f31eec8ec4a53b4485905800e09dc5091f < 40e09506aea1fde1f3e0e04eca531bbb23404baf40e09506aea1fde1f3e0e04eca531bbb23404baf
linuxlinux>= 75d0a7f31eec8ec4a53b4485905800e09dc5091f < 5a7ae7bebdc4c2ecd48a2c061319956f65c094735a7ae7bebdc4c2ecd48a2c061319956f65c09473
linuxlinux>= 75d0a7f31eec8ec4a53b4485905800e09dc5091f < c542d62883f62ececafcb630a1c5010133826beac542d62883f62ececafcb630a1c5010133826bea
linuxlinux>= 75d0a7f31eec8ec4a53b4485905800e09dc5091f < a5aa7bc1fca78c7fa127d9e33aa94a0c9066c1d6a5aa7bc1fca78c7fa127d9e33aa94a0c9066c1d6
linuxlinux_kernel
linuxlinux_kernel>= 0 < 5.10.244-15.10.244-1
linuxlinux_kernel>= 0 < 6.1.147-16.1.147-1
linuxlinux_kernel>= 0 < 6.12.37-16.12.37-1
linuxlinux_kernel>= 0 < 6.12.37-16.12.37-1
linuxlinux_kernel>= 0 < 5.15.0-156.1665.15.0-156.166
linuxlinux_kernel>= 0 < 6.8.0-100.1006.8.0-100.100
linuxlinux_kernel>= 5.11 < 5.15.1875.15.187
linuxlinux_kernel>= 5.16 < 6.1.1446.1.144
linuxlinux_kernel>= 5.4 < 5.4.2965.4.296
linuxlinux_kernel>= 5.5 < 5.10.2405.10.240
linuxlinux_kernel>= 6.13 < 6.15.66.15.6
linuxlinux_kernel>= 6.2 < 6.6.976.6.97

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH