CVE-2025-40340
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 09/12/2025
Last modified: 09/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

drm/xe: Fix oops in xe_gem_fault when running core_hotunplug test.

I saw an oops in xe_gem_fault when running the xe-fast-feedback
testlist against the realtime kernel without debug options enabled.

The panic happens after core_hotunplug unbind-rebind finishes.
Presumably what happens is that a process mmaps, unlocks because
of the FAULT_FLAG_RETRY_NOWAIT logic, has no process memory left,
causing ttm_bo_vm_dummy_page() to return VM_FAULT_NOPAGE, since
there was nothing left to populate, and then oopses in
"mem_type_is_vram(tbo->resource->mem_type)" because tbo->resource
is NULL.

It's convoluted, but fits the data and explains the oops after
the test exits.



