Unrated severity · NVD Advisory · Published Oct 24, 2025 · Updated Apr 15, 2026

CVE-2025-40023

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/vf: Don't expose sysfs attributes not applicable for VFs

VFs can't read BMG_PCIE_CAP(0x138340) register nor access PCODE (already guarded by the info.skip_pcode flag) so we shouldn't expose attributes that require any of them to avoid errors like:

[] xe 0000:03:00.1: [drm] Tile0: GT0: VF is trying to read an \
   inaccessible register 0x138340+0x0
[] RIP: 0010:xe_gt_sriov_vf_read32+0x6c2/0x9a0 [xe]
[] Call Trace:
[]  xe_mmio_read32+0x110/0x280 [xe]
[]  auto_link_downgrade_capable_show+0x2e/0x70 [xe]
[]  dev_attr_show+0x1a/0x70
[]  sysfs_kf_seq_show+0xaa/0x120
[]  kernfs_seq_show+0x41/0x60

(cherry picked from commit a2d6223d224f333f705ed8495bf8bebfbc585c35)

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The Linux kernel fix prevents sysfs attribute errors for virtual function (VF) devices in the drm/xe driver, which could cause inaccessible register errors.

Vulnerability Overview

CVE-2025-40023 is a Linux kernel vulnerability in the drm/xe driver, specifically affecting the handling of sysfs attributes for virtual functions (VFs) in Intel GPUs. The root cause is that certain sysfs attributes, such as auto_link_downgrade_capable, are exposed to VFs even though VFs cannot read the required hardware registers (e.g., BMG_PCIE_CAP at 0x138340) or access PCODE. This leads to errors when a VF attempts to read an inaccessible register, as shown in the kernel log: "VF is trying to read an inaccessible register 0x138340+0x0" [1][2].

Attack Vector and Exploitation

The vulnerability does not require an attacker to interact with the system remotely; rather, it is triggered when a VF driver instance attempts to read sysfs attributes that are not applicable to VFs. The attack surface is local, requiring the presence of a VF device (e.g., in a virtualized environment with Intel GPU partitioning). Authentication to the system is needed to access the sysfs interface, but no special privileges beyond the ability to read sysfs files are necessary. The error occurs when the driver tries to read the register, leading to a kernel trace that could potentially be leveraged for denial-of-service or information leakage [1].

Impact

An attacker who can cause the vulnerable sysfs attribute to be read (e.g., by a system monitoring tool or administrative script) may trigger a kernel error, resulting in a kernel panic or system instability. The error message reveals the register being accessed, which could aid in further exploitation. However, the primary impact is denial of service, as the kernel may halt or become unresponsive [1].

Mitigation and Status

The fix, committed as bacbadedbba7 and backported to stable kernels, removes the exposure of these sysfs attributes for VFs by checking whether the device is a VF before registering the attributes. The patch ensures that VFs do not attempt to read inaccessible registers, preventing the associated errors. Users should update their Linux kernel to a version containing this commit. There is no known workaround aside from avoiding reading those sysfs files on VF systems, which is not practical [1][2].

For systems using Intel GPUs in virtualized environments, applying the kernel update is critical to maintain stability.
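
A way to check whether a host still shows the exposure described above, as an added example that is not part of the advisory or the kernel patch: the function lists SR-IOV VFs bound to xe that still carry the auto_link_downgrade_capable attribute, testing only for the file's existence and never reading it. It assumes the attribute sits in the PCI device's sysfs directory and that VFs are identified by the standard physfn symlink; the function name find_exposed_vf_attrs is hypothetical.

```shell
#!/bin/sh
# Added example (not the project's code). Existence checks only: reading the
# attribute is what produces the kernel trace on an unpatched VF.
# Usage after sourcing: find_exposed_vf_attrs        (scans /sys)
#                       find_exposed_vf_attrs /path  (scans an alternate root)

# Attribute named in the advisory's call trace (auto_link_downgrade_capable_show).
XE_VF_ATTRS="auto_link_downgrade_capable"

# Prints "<BDF> <attr>" per exposure; returns 1 if any exposure is found, else 0.
find_exposed_vf_attrs() {
    root="${1:-/sys}"
    found=0
    for dev in "$root"/bus/pci/devices/*; do
        [ -d "$dev" ] || continue
        # A PCI VF has a "physfn" symlink pointing at its physical function.
        [ -e "$dev/physfn" ] || [ -L "$dev/physfn" ] || continue
        # Only devices currently bound to the xe driver are relevant.
        drv=$(readlink "$dev/driver" 2>/dev/null) || continue
        [ "${drv##*/}" = "xe" ] || continue
        for attr in $XE_VF_ATTRS; do
            if [ -e "$dev/$attr" ]; then
                echo "${dev##*/} $attr"
                found=1
            fi
        done
    done
    return "$found"
}
```

A non-zero return means at least one VF still exposes the attribute, so monitoring tools that walk sysfs on that host can hit the error until the kernel is updated.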

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
