CVE-2025-40166: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-40166 affects the Linux kernel's DRM (Direct Rendering Manager) subsystem, specifically in the GuC (Graphics Microcontroller) component. The vulnerability was disclosed on November 12, 2025, and involves issues with the exec queue deregistration process in the graphics driver (NVD).

The vulnerability occurs in the drm/xe/guc component when handling exec queue deregistration. In normal operation, a registered exec queue is disabled and deregistered through the GuC, and freed only after the GuC confirms completion. However, if the driver is forced to unbind while the exec queue is still running, the user may call exec_destroy() after the GuC has already been stopped and CT communication disabled. This prevents proper cleanup of exec queue resources (NVD).

When exploited, this vulnerability can lead to resource leaks and potential system instability. The issue manifests in the GuC ID manager becoming unclean, as evidenced by error messages showing mismatched resource counts (1/65535) (NVD).

A fix has been implemented that checks the GuC running state before deregistering the exec queue. The solution involves directly releasing the resources when GuC is not running, rather than waiting for a response that will never come. Additionally, the fix includes using xe_uc_fw_is_running() instead of xe_guc_ct_enabled() to handle cases where CT may go down and come back during VF migration (NVD).