CVE-2025-21644

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.13.0-rc4-xe+

Description The issue is related to the Linux kernel's drm/xe component. When the GuC (Graphics Unit Controller) fails to load, the driver becomes unresponsive, but it attempts to perform actions that may not be initialized yet. This can lead to a NULL pointer dereference. The problem can be triggered by forcing a signature failure in the GuC binary. The error messages indicate a failure in the firmware signature verification and a critical error declaring the device as wedged.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for the drm/xe component, specifically the change that moves the xe gt tlb invalidation init() function to be called earlier by xe gt init early(). As a temporary workaround, consider disabling the xe gt tlb invalidation reset() function until a patch is available. Restrict access to the vulnerable drm/xe module to minimize the risk of exploitation. Avoid using the GuC binary in a way that could force a signature failure until the issue is resolved.