PT-2025-33554 · Linux+5 · Linux Kernel+5

Published

2025-08-16

·

Updated

2026-04-20

·

CVE-2025-38511

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The Linux kernel contains a flaw in the DRM/XE/PF subsystem related to the allocation of LMTT pages. LMEM buffer objects are not cleared by default during allocation, and during VF provisioning, LMTT PTEs are only set up for the provisioned LMEM range. This can leave stale data beyond the valid range, potentially allowing a malicious VF to exploit the gap. The issue is addressed by explicitly clearing all new LMTT pages.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

BDU:2025-11350
CVE-2025-38511
OPENSUSE-SU-2026:20287-1
SUSE-SU-2025:03290-1
SUSE-SU-2025:03382-1
SUSE-SU-2025:03633-1
SUSE-SU-2025:3886-1
SUSE-SU-2025:3995-1
SUSE-SU-2025:4001-1
SUSE-SU-2025:4056-1
SUSE-SU-2025_03290-1
SUSE-SU-2025_03382-1
SUSE-SU-2026:20555-1
SUSE-SU-2026:20599-1
SUSE-SU-2026:20615-1
USN-7879-1
USN-7879-2
USN-7879-3
USN-7879-4
USN-7880-1
USN-7934-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu