CVE-2025-37754: Vulnerability in Linux Linux

Medium
Published: Thu May 01 2025 (05/01/2025, 12:55:58 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/i915/huc: Fix fence not released on early probe errors

HuC delayed loading fence, introduced with commit 27536e03271da ("drm/i915/huc: track delayed HuC load with a fence"), is registered with object tracker early on driver probe but unregistered only from driver remove, which is not called on early probe errors. Since its memory is allocated under devres, then released anyway, it may happen to be allocated again to the fence and reused on future driver probes, resulting in kernel warnings that taint the kernel:

<4> [309.731371] ------------[ cut here ]------------
<3> [309.731373] ODEBUG: init destroyed (active state 0) object: ffff88813d7dd2e0 object type: i915_sw_fence hint: sw_fence_dummy_notify+0x0/0x20 [i915]
<4> [309.731575] WARNING: CPU: 2 PID: 3161 at lib/debugobjects.c:612 debug_print_object+0x93/0xf0
...
<4> [309.731693] CPU: 2 UID: 0 PID: 3161 Comm: i915_module_loa Tainted: G U 6.14.0-CI_DRM_16362-gf0fd77956987+ #1
...
<4> [309.731700] RIP: 0010:debug_print_object+0x93/0xf0
...
<4> [309.731728] Call Trace:
<4> [309.731730] <TASK>
...
<4> [309.731949] __debug_object_init+0x17b/0x1c0
<4> [309.731957] debug_object_init+0x34/0x50
<4> [309.732126] __i915_sw_fence_init+0x34/0x60 [i915]
<4> [309.732256] intel_huc_init_early+0x4b/0x1d0 [i915]
<4> [309.732468] intel_uc_init_early+0x61/0x680 [i915]
<4> [309.732667] intel_gt_common_init_early+0x105/0x130 [i915]
<4> [309.732804] intel_root_gt_init_early+0x63/0x80 [i915]
<4> [309.732938] i915_driver_probe+0x1fa/0xeb0 [i915]
<4> [309.733075] i915_pci_probe+0xe6/0x220 [i915]
<4> [309.733198] local_pci_probe+0x44/0xb0
<4> [309.733203] pci_device_probe+0xf4/0x270
<4> [309.733209] really_probe+0xee/0x3c0
<4> [309.733215] __driver_probe_device+0x8c/0x180
<4> [309.733219] driver_probe_device+0x24/0xd0
<4> [309.733223] __driver_attach+0x10f/0x220
<4> [309.733230] bus_for_each_dev+0x7d/0xe0
<4> [309.733236] driver_attach+0x1e/0x30
<4> [309.733239] bus_add_driver+0x151/0x290
<4> [309.733244] driver_register+0x5e/0x130
<4> [309.733247] __pci_register_driver+0x7d/0x90
<4> [309.733251] i915_pci_register_driver+0x23/0x30 [i915]
<4> [309.733413] i915_init+0x34/0x120 [i915]
<4> [309.733655] do_one_initcall+0x62/0x3f0
<4> [309.733667] do_init_module+0x97/0x2a0
<4> [309.733671] load_module+0x25ff/0x2890
<4> [309.733688] init_module_from_file+0x97/0xe0
<4> [309.733701] idempotent_init_module+0x118/0x330
<4> [309.733711] __x64_sys_finit_module+0x77/0x100
<4> [309.733715] x64_sys_call+0x1f37/0x2650
<4> [309.733719] do_syscall_64+0x91/0x180
<4> [309.733763] entry_SYSCALL_64_after_hwframe+0x76/0x7e
<4> [309.733792] </TASK>
...
<4> [309.733806] ---[ end trace 0000000000000000 ]---

That scenario is most easily reproducible with igt@i915_module_load@reload-with-fault-injection.

Fix the issue by moving the cleanup step to driver release path.

(cherry picked from commit 795dbde92fe5c6996a02a5b579481de73035e7bf)

AI-Powered Analysis

Last updated: 07/03/2025, 22:40:57 UTC

Technical Analysis

CVE-2025-37754 is a vulnerability in the Linux kernel, specifically in the Intel i915 graphics driver's HuC firmware delayed-loading fence mechanism. The fence object is registered early during driver probe but is unregistered only during driver removal. If an early probe error occurs, the driver removal routine is not invoked, so the fence object stays registered. Because the memory for this fence is managed by the device resource management (devres) framework and is released anyway, it can be reallocated and reused for the fence object in subsequent driver probes. This leads to kernel warnings and tainting of the kernel, as debug objects are improperly destroyed or reinitialized, causing instability and potential memory corruption. The vulnerability manifests as kernel warnings and debug tracebacks, which can be reproduced using fault injection tests such as igt@i915_module_load@reload-with-fault-injection. The root cause is a cleanup step that is misplaced in the driver lifecycle, and the fix moves this cleanup to the driver release path so that the fence object is unregistered regardless of probe success or failure. While this vulnerability does not appear to allow direct code execution or privilege escalation, it can cause kernel instability, tainting, and potentially lead to denial of service conditions due to improper resource management in the graphics driver subsystem.
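
The lifecycle mismatch described above can be reproduced in a small model. This is an added illustration in Python, not code from the i915 driver: Tracker, Devres, probe_cycle and reload_with_fault are hypothetical names, and the model assumes that the release path runs on every teardown, including after an early probe error.

```python
# Simplified model; Tracker, Devres, probe_cycle and reload_with_fault are hypothetical names.
class Tracker:
    """Stand-in for the kernel object tracker: remembers registered addresses."""
    def __init__(self):
        self.registered, self.warnings = set(), []

    def register(self, addr):
        if addr in self.registered:      # stale entry left behind by an earlier probe
            self.warnings.append(f"init of already-tracked object {addr:#x}")
        self.registered.add(addr)

    def unregister(self, addr):
        self.registered.discard(addr)

class Devres:
    """Device-managed memory: freed on teardown whether or not probe succeeded."""
    def __init__(self):
        self.free, self.live = [0x1000], []   # a single slot, so the address is reused

    def alloc(self):
        self.live.append(self.free.pop())
        return self.live[-1]

    def release_all(self):
        self.free += self.live
        self.live = []

def probe_cycle(tracker, devres, cleanup_in, fail_early):
    """One bind/unbind of the driver. cleanup_in is 'remove' (before the fix)
    or 'release' (after it). Returns True if probe succeeded."""
    fence = devres.alloc()
    tracker.register(fence)              # early init registers the fence
    if not fail_early and cleanup_in == "remove":
        tracker.unregister(fence)        # remove() runs only after a successful probe
    if cleanup_in == "release":
        tracker.unregister(fence)        # release runs on every teardown (model assumption)
    devres.release_all()                 # the memory is returned either way
    return not fail_early

def reload_with_fault(cleanup_in):
    """Probe with an injected early error, then probe again; return the warnings."""
    tracker, devres = Tracker(), Devres()
    probe_cycle(tracker, devres, cleanup_in, fail_early=True)
    probe_cycle(tracker, devres, cleanup_in, fail_early=False)
    return tracker.warnings
```

With cleanup in the remove step the second probe finds a stale tracker entry for the reused address; with cleanup in the release step it does not.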

Potential Impact

For European organizations, the impact of CVE-2025-37754 primarily concerns systems running Linux kernels with the affected Intel i915 graphics driver versions, particularly those using integrated Intel graphics hardware. The vulnerability can cause kernel warnings and tainting, which may lead to system instability or crashes, affecting availability. This is especially critical for environments relying on Linux-based servers, workstations, or embedded systems with Intel graphics, such as in research institutions, media production, or industrial control systems. Although no direct exploitation for privilege escalation or data breach is indicated, the resulting kernel instability can disrupt operations, cause unexpected downtime, and complicate system diagnostics. Organizations with high availability requirements or those using Linux in critical infrastructure may face operational risks. Additionally, the presence of kernel tainting can hinder support and troubleshooting efforts, potentially delaying incident response and remediation.

Mitigation Recommendations

To mitigate CVE-2025-37754, organizations should prioritize updating their Linux kernel to versions that include the patch fixing the fence object cleanup in the i915 driver. Since the vulnerability is related to driver probe and resource management, applying the latest stable kernel releases from trusted sources or vendor-provided updates is essential. For environments where immediate kernel updates are not feasible, consider disabling or blacklisting the i915 driver if Intel integrated graphics are not required, to prevent the vulnerable code path from executing. Additionally, monitor kernel logs for warnings related to debug objects and fence initialization failures to detect potential occurrences of this issue. Implementing robust kernel crash and taint monitoring can help identify affected systems early. For critical systems, perform controlled testing of kernel updates to ensure stability before deployment. Finally, maintain strict control over kernel module loading and ensure that only signed and verified modules are loaded to reduce risk exposure.
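
One way to implement the log and taint monitoring recommended above, as an added Python example that is not part of the original advisory. The function names and the SAMPLE text are constructed for illustration (the first warning block reuses lines from the trace in the description), and the taint check relies on bit 9 of /proc/sys/kernel/tainted being the kernel-warning flag.

```python
import re

# Accepts "<4> [309.731371] text" (the form quoted on this page) and "[309.731371] text".
LINE_RE = re.compile(r"^(?:<\d+>\s*)?\[\s*(\d+\.\d+)\]\s*(.*)$")
ODEBUG_RE = re.compile(r"ODEBUG: (.+?) \(active state \d+\) object: \S+ object type: (\S+)")
TAINT_WARN = 1 << 9  # 'W' bit of /proc/sys/kernel/tainted: the kernel has issued a warning

def find_fence_warnings(log_text, obj_type="i915_sw_fence", frame="intel_huc_init_early"):
    """Return (timestamp, report) for each warning block that carries an ODEBUG
    report for obj_type and whose call trace passes through frame."""
    hits, block = [], None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, msg = float(m.group(1)), m.group(2)
        if "[ cut here ]" in msg:            # a new warning block starts
            block = {"time": ts, "report": None, "in_frame": False}
        elif block is not None:
            od = ODEBUG_RE.search(msg)
            if od and od.group(2) == obj_type:
                block["report"] = od.group(1)
            if msg.startswith(frame + "+0x"):
                block["in_frame"] = True
            if "[ end trace" in msg:         # block complete: keep it only if both matched
                if block["report"] and block["in_frame"]:
                    hits.append((block["time"], block["report"]))
                block = None
    return hits

def warn_tainted(taint_mask):
    """True when the taint bitmask (an int) has the warning bit set."""
    return bool(taint_mask & TAINT_WARN)

# Constructed sample: the first block reuses lines of the trace quoted on this page;
# the second is an invented, unrelated warning that must not match.
SAMPLE = """\
<4> [309.731371] ------------[ cut here ]------------
<3> [309.731373] ODEBUG: init destroyed (active state 0) object: ffff88813d7dd2e0 object type: i915_sw_fence hint: sw_fence_dummy_notify+0x0/0x20 [i915]
<4> [309.731575] WARNING: CPU: 2 PID: 3161 at lib/debugobjects.c:612 debug_print_object+0x93/0xf0
<4> [309.732126] __i915_sw_fence_init+0x34/0x60 [i915]
<4> [309.732256] intel_huc_init_early+0x4b/0x1d0 [i915]
<4> [309.733806] ---[ end trace 0000000000000000 ]---
[ 412.000100] ------------[ cut here ]------------
[ 412.000200] WARNING: CPU: 0 PID: 1 at example/unrelated.c:1 example_fn+0x1/0x2
[ 412.000300] ---[ end trace 0000000000000000 ]---
"""
```

On a live host, pass the text of the kernel log to find_fence_warnings and the integer read from /proc/sys/kernel/tainted to warn_tainted.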

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-04-16T04:51:23.937Z
Cisa Enriched: false
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9832c4522896dcbe832f

Added to database: 5/21/2025, 9:09:06 AM

Last enriched: 7/3/2025, 10:40:57 PM

Last updated: 7/27/2025, 9:54:19 PM
