
CVE-2025-37761: Vulnerability in Linux Linux

High
Published: Thu May 01 2025 (05/01/2025, 13:07:03 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/xe: Fix an out-of-bounds shift when invalidating TLB

When the size of the range invalidated is larger than rounddown_pow_of_two(ULONG_MAX), the function macro roundup_pow_of_two(length) will hit an out-of-bounds shift [1].

Use a full TLB invalidation for such cases.

v2:
- Use a define for the range size limit over which we use a full TLB invalidation. (Lucas)
- Use a better calculation of the limit.

[1]:
    [ 39.202421] ------------[ cut here ]------------
    [ 39.202657] UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13
    [ 39.202673] shift exponent 64 is too large for 64-bit type 'long unsigned int'
    [ 39.202688] CPU: 8 UID: 0 PID: 3129 Comm: xe_exec_system_ Tainted: G U 6.14.0+ #10
    [ 39.202690] Tainted: [U]=USER
    [ 39.202690] Hardware name: ASUS System Product Name/PRIME B560M-A AC, BIOS 2001 02/01/2023
    [ 39.202691] Call Trace:
    [ 39.202692] <TASK>
    [ 39.202695] dump_stack_lvl+0x6e/0xa0
    [ 39.202699] ubsan_epilogue+0x5/0x30
    [ 39.202701] __ubsan_handle_shift_out_of_bounds.cold+0x61/0xe6
    [ 39.202705] xe_gt_tlb_invalidation_range.cold+0x1d/0x3a [xe]
    [ 39.202800] ? find_held_lock+0x2b/0x80
    [ 39.202803] ? mark_held_locks+0x40/0x70
    [ 39.202806] xe_svm_invalidate+0x459/0x700 [xe]
    [ 39.202897] drm_gpusvm_notifier_invalidate+0x4d/0x70 [drm_gpusvm]
    [ 39.202900] __mmu_notifier_release+0x1f5/0x270
    [ 39.202905] exit_mmap+0x40e/0x450
    [ 39.202912] __mmput+0x45/0x110
    [ 39.202914] exit_mm+0xc5/0x130
    [ 39.202916] do_exit+0x21c/0x500
    [ 39.202918] ? lockdep_hardirqs_on_prepare+0xdb/0x190
    [ 39.202920] do_group_exit+0x36/0xa0
    [ 39.202922] get_signal+0x8f8/0x900
    [ 39.202926] arch_do_signal_or_restart+0x35/0x100
    [ 39.202930] syscall_exit_to_user_mode+0x1fc/0x290
    [ 39.202932] do_syscall_64+0xa1/0x180
    [ 39.202934] ? do_user_addr_fault+0x59f/0x8a0
    [ 39.202937] ? lock_release+0xd2/0x2a0
    [ 39.202939] ? do_user_addr_fault+0x5a9/0x8a0
    [ 39.202942] ? trace_hardirqs_off+0x4b/0xc0
    [ 39.202944] ? clear_bhb_loop+0x25/0x80
    [ 39.202946] ? clear_bhb_loop+0x25/0x80
    [ 39.202947] ? clear_bhb_loop+0x25/0x80
    [ 39.202950] entry_SYSCALL_64_after_hwframe+0x76/0x7e
    [ 39.202952] RIP: 0033:0x7fa945e543e1
    [ 39.202961] Code: Unable to access opcode bytes at 0x7fa945e543b7.
    [ 39.202962] RSP: 002b:00007ffca8fb4170 EFLAGS: 00000293
    [ 39.202963] RAX: 000000000000003d RBX: 0000000000000000 RCX: 00007fa945e543e3
    [ 39.202964] RDX: 0000000000000000 RSI: 00007ffca8fb41ac RDI: 00000000ffffffff
    [ 39.202964] RBP: 00007ffca8fb4190 R08: 0000000000000000 R09: 00007fa945f600a0
    [ 39.202965] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
    [ 39.202966] R13: 00007fa9460dd310 R14: 00007ffca8fb41ac R15: 0000000000000000
    [ 39.202970] </TASK>
    [ 39.202970] ---[ end trace ]---

(cherry picked from commit b88f48f86500bc0b44b4f73ac66d500a40d320ad)

AI-Powered Analysis

Last updated: 07/03/2025, 22:54:46 UTC

Technical Analysis

CVE-2025-37761 is a vulnerability identified in the Linux kernel, specifically within the Direct Rendering Manager (DRM) subsystem's Xe graphics driver component. The flaw arises from an out-of-bounds shift operation during the invalidation of the Translation Lookaside Buffer (TLB) when the size of the invalidated range exceeds a certain threshold related to the maximum unsigned long integer value. The vulnerability is triggered because the function macro roundup_pow_of_two(length) performs a bit-shift operation that exceeds the bit-width of the data type (64 bits on typical architectures), leading to undefined behavior and potential kernel instability or crashes. The kernel logs indicate a shift-out-of-bounds error detected by the Undefined Behavior Sanitizer (UBSAN), which results in a kernel trace and potential system tainting. The root cause is that when the invalidation range is larger than rounddown_pow_of_two(ULONG_MAX), the macro attempts to shift by an amount equal to or greater than 64 bits, which is invalid. The patch resolves this by introducing a defined limit for the range size, beyond which a full TLB invalidation is performed instead of the problematic partial invalidation. This fix prevents the out-of-bounds shift and ensures safe handling of large TLB invalidation requests. The vulnerability affects Linux kernel versions prior to the patch and is relevant to systems using the Xe DRM driver, which is associated with Intel's integrated graphics technology. No known exploits are currently reported in the wild, and the vulnerability requires conditions that involve kernel-level operations related to GPU memory management and TLB invalidation. Exploitation would likely require privileged access or specific workloads that trigger large TLB invalidations in the Xe driver context.
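The arithmetic behind the UBSAN report and the guard the fix describes, as an added user-space example (not the kernel patch or any code from this page). It models the kernel's runtime round-up as 1UL << fls_long(n - 1); MODEL_FULL_INVAL_LIMIT, model_fls64, roundup_shift_exponent and plan_invalidation are hypothetical names, and the sample lengths are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical name. Models the limit the description gives:
 * rounddown_pow_of_two(ULONG_MAX) on a 64-bit kernel, i.e. 2^63. */
#define MODEL_FULL_INVAL_LIMIT (UINT64_C(1) << 63)

enum inval_kind { INVAL_RANGE, INVAL_FULL };

/* Model of fls_long(): 1-based index of the highest set bit, 0 for x == 0. */
static unsigned int model_fls64(uint64_t x)
{
    unsigned int bits = 0;

    while (x) {
        bits++;
        x >>= 1;
    }
    return bits;
}

/* Exponent that a "1UL << fls_long(n - 1)" round-up would shift by. */
unsigned int roundup_shift_exponent(uint64_t length)
{
    return model_fls64(length - 1);
}

/* Guarded path: lengths above the limit never reach the shift. */
enum inval_kind plan_invalidation(uint64_t length, uint64_t *rounded)
{
    /* length == 0 also yields exponent 64; this model treats it as full. */
    if (length == 0 || length > MODEL_FULL_INVAL_LIMIT) {
        *rounded = 0;
        return INVAL_FULL;
    }
    *rounded = UINT64_C(1) << roundup_shift_exponent(length);
    return INVAL_RANGE;
}

int main(void)
{
    uint64_t r, over = MODEL_FULL_INVAL_LIMIT + 1; /* constructed sample */

    printf("unguarded exponent for 2^63+1: %u\n", roundup_shift_exponent(over));
    printf("guarded plan: %s\n",
           plan_invalidation(over, &r) == INVAL_FULL ? "full" : "range");
    return 0;
}
```

A length of exactly 2^63 still rounds safely (exponent 63); the first length past it produces the exponent 64 seen in the log, which is why the limit sits at rounddown_pow_of_two(ULONG_MAX).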

Potential Impact

For European organizations, the impact of CVE-2025-37761 primarily concerns systems running Linux kernels with the affected Xe DRM driver, particularly those utilizing Intel integrated graphics hardware. The vulnerability could lead to kernel crashes or system instability, potentially causing denial of service (DoS) conditions on affected machines. This is especially critical for servers or workstations performing GPU-accelerated tasks or graphics-intensive operations. While the vulnerability does not directly imply remote code execution or privilege escalation, the resulting system instability could disrupt business operations, data processing, or service availability. Organizations relying on Linux-based infrastructure for cloud services, data centers, or development environments that use Intel Xe graphics may experience interruptions. Additionally, embedded systems or industrial control systems running affected Linux kernels with Xe graphics could face reliability issues. The lack of known exploits reduces immediate risk, but the vulnerability's presence in a core kernel component means that timely patching is essential to maintain system integrity and availability.

Mitigation Recommendations

To mitigate CVE-2025-37761, European organizations should:

1) Apply the official Linux kernel patches that address this vulnerability as soon as they become available from trusted sources such as kernel.org or their Linux distribution vendors.
2) Prioritize updating Linux systems that utilize Intel Xe graphics hardware and the DRM subsystem, especially those in production or critical environments.
3) Monitor kernel updates and security advisories from Linux distributions (e.g., Debian, Ubuntu, Red Hat, SUSE) for backported fixes and apply them promptly.
4) In environments where immediate patching is not feasible, consider disabling or limiting GPU-accelerated workloads that trigger large TLB invalidations or restrict access to affected kernel modules to trusted users only.
5) Implement robust system monitoring to detect kernel crashes or unusual system behavior that may indicate attempts to trigger this vulnerability.
6) Conduct thorough testing of kernel updates in staging environments to ensure compatibility and stability before deployment.
7) Maintain an inventory of hardware and software configurations to identify systems with Intel Xe graphics and affected kernel versions for targeted remediation.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-04-16T04:51:23.938Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9832c4522896dcbe836f

Added to database: 5/21/2025, 9:09:06 AM

Last enriched: 7/3/2025, 10:54:46 PM

Last updated: 7/29/2025, 7:55:35 AM
