CVE-2025-37754: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-37754 is a vulnerability discovered in the Linux kernel's drm/i915/huc driver component, specifically related to the HuC delayed loading fence mechanism. The issue was identified and disclosed on May 1, 2025, affecting the Intel i915 graphics driver (NVD, Wiz).

The vulnerability occurs when a HuC delayed loading fence, introduced with commit 27536e03271da, is registered with the object tracker early during driver probe but is only unregistered from driver remove, which is not called during early probe errors. The memory is allocated under devres and then released, potentially being reallocated to the fence and reused on future driver probes. This issue is most easily reproducible with the igt@i915_module_load@reload-with-fault-injection test. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (Red Hat).

The vulnerability results in kernel warnings that taint the kernel, potentially affecting system stability and security. When triggered, it causes the kernel to generate debug messages indicating an initialization state object destruction issue (Wiz).

The issue has been resolved by moving the cleanup step to the driver release path. The fix was implemented through a cherry-picked commit 795dbde92fe5c6996a02a5b579481de73035e7bf. Fixed versions have been released for various Linux distributions including Debian Bookworm (6.12.25-1) and Trixie (Debian).