CVE-2025-38355: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a vulnerability (CVE-2025-38355) was discovered related to the drm/xe component's handling of GGTT node removals during device unwind. The issue was reported on July 25, 2025, and affects the kernel's graphics subsystem (NVD).

The vulnerability occurs during the unwinding process where the dedicated workqueue ggtt->wq is used to complete asynchronous removal of GGTT nodes. The issue arises because this process happens as part of managed-drm unwinding (ggttfiniearly), which could occur later than manage-device unwinding where MMIO/GMS mapping (mmio_fini) is unmapped. This timing mismatch can lead to a page fault when accessing unmapped memory regions, potentially causing system crashes (NVD).

When exploited, this vulnerability can result in system crashes due to page faults when attempting to access unmapped memory regions. The issue was specifically observed during unsuccessful VF initialization, leading to kernel oops and potential denial of service conditions (NVD).

A fix has been implemented by adding a managed-device action that explicitly drains the workqueue containing all pending node removals prior to releasing MMIO/GSM mapping. This solution has been cherry-picked from commit 89d2835c3680ab1938e22ad81b1c9f8c686bd391 (NVD).