CVE-2025-38389
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's i915 graphics driver where a timeline reference is not properly released when VMA allocation fails during interrupted operations. This can lead to memory corruption and kernel crashes. Affects Linux systems with Intel integrated graphics using ring submission mode.
💻 Affected Systems
- Linux kernel with i915 graphics driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially allowing local privilege escalation if combined with other vulnerabilities.
Likely Case
System instability, kernel warnings, and potential crashes during graphics-intensive operations or driver unloading.
If Mitigated
Minor performance impact during graphics operations with proper error handling.
🎯 Exploit Status
Requires local access and ability to trigger specific DRM_IOCTL_I915_GEM_EXECBUFFER2 calls with signal interruptions. Discovered through CI testing, not known to be actively exploited.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commit cc43422b3cc79eacff4c5a8ba0d224688ca9dd4f or backported fixes
Vendor Advisory: https://git.kernel.org/stable/c/40e09506aea1fde1f3e0e04eca531bbb23404baf
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel package. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable vulnerable tests
linuxAvoid running IGT tests that trigger the issue: igt@api_intel_allocator@fork-simple-stress-signal, igt@api_intel_allocator@two-level-inception-interruptible, igt@gem_linear_blits@interruptible, igt@prime_mmap_coherency@ioctl-errors
Use alternative submission methods
linuxConfigure i915 driver to use execlists or GuC submission instead of ring submission if hardware supports it
echo options i915 enable_guc=2 > /etc/modprobe.d/i915.conf
update-initramfs -u
reboot
🧯 If You Can't Patch
- Restrict access to /dev/dri/card* devices to trusted users only
- Monitor system logs for i915-related warnings and crashes
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if i915 module is loaded with ring submission. Look for kernel warnings about 'i915_vma' or 'drm_WARN_ON' in dmesg.Check Version:
uname -r && grep -i i915 /proc/modulesVerify Fix Applied:
Verify kernel version includes the fix commit. Test with vulnerable IGT tests if available.📡 Detection & Monitoring
Log Indicators:
- drm_WARN_ON(dev_priv->mm.shrink_count)
- BUG i915_vma
- Objects remaining on __kmem_cache_shutdown()
- i915_gem_cleanup_early warnings
SIEM Query:
source="kernel" AND ("i915_vma" OR "drm_WARN_ON" OR "i915_gem_cleanup_early")🔗 References
- https://git.kernel.org/stable/c/40e09506aea1fde1f3e0e04eca531bbb23404baf
- https://git.kernel.org/stable/c/4c778c96e469fb719b11683e0a3be8ea68052fa2
- https://git.kernel.org/stable/c/5a7ae7bebdc4c2ecd48a2c061319956f65c09473
- https://git.kernel.org/stable/c/60b757730884e4a223152a68d9b5f625dac94119
- https://git.kernel.org/stable/c/a5aa7bc1fca78c7fa127d9e33aa94a0c9066c1d6
- https://git.kernel.org/stable/c/c542d62883f62ececafcb630a1c5010133826bea
- https://git.kernel.org/stable/c/e47d7d6edc40a6ace7cc04e5893759fee68569f5
- https://git.kernel.org/stable/c/f10af34261448610d4048ac6e6af87f80e3881a4
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
