ghsa-xxvw-mmrh-6cr5
Vulnerability from github
Published
2025-05-20 18:30
Modified
2025-05-20 18:30
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/v3d: Add job to pending list if the reset was skipped

When a CL/CSD job times out, we check if the GPU has made any progress since the last timeout. If so, instead of resetting the hardware, we skip the reset and let the timer get rearmed. This gives long-running jobs a chance to complete.

However, when timedout_job() is called, the job in question is removed from the pending list, which means it won't be automatically freed through free_job(). Consequently, when we skip the reset and keep the job running, the job won't be freed when it finally completes.

This situation leads to a memory leak, as exposed in [1] and [2].

Similarly to commit 704d3d60fec4 ("drm/etnaviv: don't block scheduler when GPU is still active"), this patch ensures the job is put back on the pending list when extending the timeout.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2025-37951"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-20T16:15:33Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Add job to pending list if the reset was skipped\n\nWhen a CL/CSD job times out, we check if the GPU has made any progress\nsince the last timeout. If so, instead of resetting the hardware, we skip\nthe reset and let the timer get rearmed. This gives long-running jobs a\nchance to complete.\n\nHowever, when `timedout_job()` is called, the job in question is removed\nfrom the pending list, which means it won\u0027t be automatically freed through\n`free_job()`. Consequently, when we skip the reset and keep the job\nrunning, the job won\u0027t be freed when it finally completes.\n\nThis situation leads to a memory leak, as exposed in [1] and [2].\n\nSimilarly to commit 704d3d60fec4 (\"drm/etnaviv: don\u0027t block scheduler when\nGPU is still active\"), this patch ensures the job is put back on the\npending list when extending the timeout.",
  "id": "GHSA-xxvw-mmrh-6cr5",
  "modified": "2025-05-20T18:30:56Z",
  "published": "2025-05-20T18:30:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37951"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/12125f7d9c15e6d8ac91d10373b2db2f17dcf767"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/35e4079bf1a2570abffce6ababa631afcf8ea0e5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/422a8b10ba42097a704d6909ada2956f880246f2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5235b56b7e5449d990d21d78723b1a5e7bb5738e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a5f162727b91e480656da1876247a91f651f76de"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.