Primary

Context

Linux Kernel Intel Graphics Virtualization Technology VGPU Debugfs Cleanup Vulnerability

Vulnerability

Patched

A vulnerability in the Linux kernel's handling of Intel Graphics Virtualization Technology (GVT) can lead to a null pointer dereference, causing a kernel crash. This issue arises when a virtual GPU (VGPU) is removed, as the associated debugfs root may have already been deleted. The problem has been observed in Linux kernel versions through 6.1.0-rc2.

Impact

The vulnerability causes a kernel NULL pointer dereference, leading to a system crash.

Reproduction

The vulnerability can be reproduced by removing a virtual GPU that is still registered with the debug filesystem. This can be done by using the 'driverctl' command to unbind a device that has an associated VGPU, which will trigger the NULL pointer dereference and cause a kernel oops.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed.

Added: Oct 7, 2025, 5:54 PM

Updated: Oct 7, 2025, 5:54 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.3

remediation

7.7

relevance

0.7

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.3

remediation

7.7

relevance

0.7

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Intel Graphics Virtualization Technology VGPU Debugfs Cleanup Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating