CVE-2025-38690 in Linux
Summary
by MITRE • 09/04/2025
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/migrate: prevent infinite recursion
If the buf + offset is not aligned to XE_CAHELINE_BYTES we fallback to using a bounce buffer. However the bounce buffer here is allocated on the stack, and the only alignment requirement here is that it's naturally aligned to u8, and not XE_CACHELINE_BYTES. If the bounce buffer is also misaligned we then recurse back into the function again, however the new bounce buffer might also not be aligned, and might never be until we eventually blow through the stack, as we keep recursing.
Instead of using the stack use kmalloc, which should respect the power-of-two alignment request here. Fixes a kernel panic when triggering this path through eudebug.
v2 (Stuart): - Add build bug check for power-of-two restriction - s/EINVAL/ENOMEM/
(cherry picked from commit 38b34e928a08ba594c4bbf7118aa3aadacd62fff)
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 02/10/2026
This vulnerability resides within the Linux kernel's graphics subsystem, specifically in the intel xeon e7 (xe) driver's memory management component. The flaw manifests in the drm/xe/migrate functionality where the kernel attempts to handle memory operations that require specific cache line alignment. The issue occurs during buffer migration operations when the system encounters misaligned memory access patterns that require fallback mechanisms to maintain system stability.
The technical implementation flaw stems from improper memory allocation strategies within the kernel's graphics driver. When buffer operations fail to meet the required XE_CACHELINE_BYTES alignment, the system implements a fallback mechanism using a bounce buffer. However, this bounce buffer is allocated on the kernel stack rather than using proper kernel memory allocation functions. The stack allocation approach inherently provides only natural alignment to u8 boundaries, which fails to meet the required cache line alignment specifications.
The recursive nature of this vulnerability creates a critical condition where the system enters infinite recursion when alignment requirements cannot be satisfied. Each recursive call attempts to allocate a new bounce buffer, but due to the stack-based allocation approach, subsequent allocations may also fail alignment checks. This creates a cascading failure where the kernel's stack space becomes exhausted through repeated recursive calls, ultimately resulting in a kernel panic and system crash. The vulnerability specifically impacts systems using the eudebug debugging interface which triggers this problematic code path.
This issue directly relates to CWE-674, which describes "Uncontrolled Recursion" in software systems, and represents a classic example of stack exhaustion through improper recursive function calls. The vulnerability also aligns with ATT&CK technique T1499.001, which covers "Endpoint Development: Network Denial of Service" through kernel-level resource exhaustion. The flaw demonstrates poor memory management practices where stack-based allocation fails to meet the alignment requirements of the target architecture, creating a path for denial of service attacks that can compromise system stability.
The fix implemented addresses the core issue by replacing stack-based allocation with kmalloc, which properly handles power-of-two alignment requirements. This change ensures that memory allocations meet the necessary cache line alignment specifications without creating recursive conditions. The v2 patch enhancement includes build-time validation to verify power-of-two restrictions and corrects error code handling from EINVAL to ENOMEM, providing more accurate error reporting. This solution prevents the infinite recursion scenario while maintaining the intended functionality of the memory management subsystem, thereby resolving the kernel panic condition that occurred when the eudebug interface triggered this code path.
The operational impact of this vulnerability extends beyond simple system crashes, as it represents a potential denial of service vector that could be exploited in environments where graphics processing is critical. Systems running kernel versions containing this flaw require immediate patching to prevent accidental system panics during normal graphics operations or when debugging interfaces are utilized. The vulnerability affects all systems using the intel xe graphics driver where the specific buffer migration path is exercised, making it a widespread concern for kernel security and system stability.