CVE-2025-37868

MEDIUM EPSS 6.1%
Published May 9, 20251y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 9, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: drm/xe/userptr: fix notifier vs folio deadlock User is reporting what smells like notifier vs folio deadlock, where migrate_pages_batch() on core kernel side is holding folio lock(s) and then interacting with the mappings of it, however those mappings are tied to some userptr, which means calling into the notifier callback and grabbing the notifier lock. With perfect timing it looks possible that the pages we pulled from the hmm fault can get sniped by migrate_pages_batch() at the same time that we are holding the notifier lock to mark the pages as accessed/dirty, but at this point we also want to grab the folio locks(s) to mark them as dirty, but if they are contended from notifier/migrate_pages_batch side then we deadlock since folio lock won't be dropped until we drop the notifier lock. Fortunately the mark_page_accessed/dirty is not really needed in the first place it seems and should have already been done by hmm fault, so just remove it. (cherry picked from commit bd7c0cb695e87c0e43247be8196b4919edbe0e85)

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
6.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-667

Affected Products 8

VendorProductVersionRange
linuxlinux_kernel*≥6.12.19  –  <6.12.25
linuxlinux_kernel*≥6.13.7  –  <6.14
linuxlinux_kernel*≥6.14.1  –  <6.14.4
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any

References 3

  • git.kernel.org https://git.kernel.org/stable/c/2577b202458cddff85cc154b1fe7f313e0d1f418
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/65dc4e3d5b01db0179fc95c1f0bdb87194c28ab5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/90574ecf6052be83971d91d16600c5cf07003bbb
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/2577b202458cddff85cc154b1fe7f313e0d1f418
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/65dc4e3d5b01db0179fc95c1f0bdb87194c28ab5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/90574ecf6052be83971d91d16600c5cf07003bbb
    Patch