CVE-2025-40023: Regex Denial of Service in Linux

Severity: 7.5 HIGH (No vector)
EPSS: 0.0% (top 92.81%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 24

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/vf: Don't expose sysfs attributes not applicable for VFs

VFs can't read BMG_PCIE_CAP(0x138340) register nor access PCODE (already guarded by the info.skip_pcode flag) so we shouldn't expose attributes that require any of them to avoid errors like:

    [] xe 0000:03:00.1: [drm] Tile0: GT0: VF is trying to read an \
       inaccessible register 0x138340+0x0
    [] RIP: 0010:xe_gt_sriov_vf_read32+0x6c2/0x9a0 [xe]
    [] Call Trace:
    [] xe_mm

Affected Packages (8 packages)

Linux: linux/linux_kernel 6.16.0 6.16.10
Debian: linux/linux_kernel < 6.16.10-1
CVEListV5: linux/linux 0e414bf7ad012e55c8a0aa4e91f68cb1cf5801ff bacbadedbba737da8ae6e0464bc0971c30cda4cb +2
debian: debian/linux < linux 6.16.10-1 (forky)

Vulnerability Details (3)

GHSA (2025-10-24): GHSA-m3f2-pghf-98q6: In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Don't expose sysfs attributes not applicable for VFs VFs can't read B
OSV (2025-10-24): CVE-2025-40023: In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Don't expose sysfs attributes not applicable for VFs VFs can't read BMG
OSV (2025-10-24): drm/xe/vf: Don't expose sysfs attributes not applicable for VFs

Vendor Advisories (3)

Red Hat (2025-10-24): kernel: drm/xe/vf: Don't expose sysfs attributes not applicable for VFs
Debian (2025): CVE-2025-40023: linux - In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: ...
Microsoft (2022-09-13): Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin.