Impact
The vulnerability arose when the DRM Xe code omitted the schedule toggle that forces a GPU context switch during suspend when the execution queue is idle. This bypasses a GuC suspend step that normally flushes Translation Look‑aside Buffers (TLBs) for userptr virtual memory areas that have been invalidated. In systems running the LR/preempt‑fence VM mode, the omitted flush can leave stale TLB entries in place. When userptr pages are later invalidated or accessed, the missing flush can cause page faults that disrupt the kernel's memory handling logic.
Affected Systems
The affected product is the Linux kernel. Any released kernel that contains the commit 8533051ce92015e9cc6f75e0d52119b9d91610b6, its revert, or the keyword ‘drm/xe: Skip exec queue schedule toggle’ is relevant. Because the issue is specific to the LR/preempt‑fence VM execution mode, kernels where this mode is enabled are at higher risk.
Risk and Exploitability
The CVSS score of 7.8 indicates a moderate‑to‑high severity assessment. An EPSS score of < 1% reflects a low probability of exploitation. The flaw is not listed in the CISA KEV catalog, suggesting no publicly documented exploit activity. The primary vulnerability is in system availability: the missing TLB flush can lead to page faults during userptr invalidation, potentially causing service disruptions. An attacker would need sufficient privileges to provoke the fault conditions, so remote exploitation is improbable without local or elevated access.
OpenCVE Enrichment