| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025122417-CVE-2025-68749-1160@gregkh> Date: Wed, 24 Dec 2025 13:10:25 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-68749: accel/ivpu: Fix race condition when unbinding BOs From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix race condition when unbinding BOs Fix 'Memory manager not clean during takedown' warning that occurs when ivpu_gem_bo_free() removes the BO from the BOs list before it gets unmapped. Then file_priv_unbind() triggers a warning in drm_mm_takedown() during context teardown. Protect the unmapping sequence with bo_list_lock to ensure the BO is always fully unmapped when removed from the list. This ensures the BO is either fully unmapped at context teardown time or present on the list and unmapped by file_priv_unbind(). The Linux kernel CVE team has assigned CVE-2025-68749 to this issue. Affected and fixed versions =========================== Issue introduced in 6.8 with commit 48aea7f2a2efae6a1bd201061c71a81b3f3b7e55 and fixed in 6.17.13 with commit fb16493ebd8f171bcf0772262619618a131f30f7 Issue introduced in 6.8 with commit 48aea7f2a2efae6a1bd201061c71a81b3f3b7e55 and fixed in 6.18.2 with commit d71333ffdd3707d84cfb95acfaf8ba892adc066b Issue introduced in 6.8 with commit 48aea7f2a2efae6a1bd201061c71a81b3f3b7e55 and fixed in 6.19-rc1 with commit 00812636df370bedf4e44a0c81b86ea96bca8628 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-68749 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/accel/ivpu/ivpu_gem.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/fb16493ebd8f171bcf0772262619618a131f30f7 https://git.kernel.org/stable/c/d71333ffdd3707d84cfb95acfaf8ba892adc066b https://git.kernel.org/stable/c/00812636df370bedf4e44a0c81b86ea96bca8628
Powered by blists - more mailing lists