CVE-2025-39706

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/amdkfd: Destroy KFD debugfs after destroy KFD wq

Since KFD proc content was moved to kernel debugfs, we can't destroy KFD debugfs before kfd_process_destroy_wq. Move kfd_process_destroy_wq prior to kfd_debugfs_fini to fix a kernel NULL pointer problem. It happens when /sys/kernel/debug/kfd was already destroyed in kfd_debugfs_fini but kfd_process_destroy_wq calls kfd_debugfs_remove_process. This line debugfs_remove_recursive(entry->proc_dentry); tries to remove /sys/kernel/debug/kfd/proc/<pid> while /sys/kernel/debug/kfd is already gone. It hangs the kernel by kernel NULL pointer.

(cherry picked from commit 0333052d90683d88531558dcfdbf2525cc37c233)

Affected Software

VendorProductVersion RangeStatus
LinuxLinux4a488a7ad71401169cecee75dc94bcce642e2c53 < fc35c955da799ba62f6f977d58e0866d0251e3f8affected
LinuxLinux4a488a7ad71401169cecee75dc94bcce642e2c53 < 74ee7445c3b61c3bd899a54bd82c1982cb3a8206affected
LinuxLinux4a488a7ad71401169cecee75dc94bcce642e2c53 < 96609a51e6134542bf90e053c2cd2fe4f61ebce3affected
LinuxLinux4a488a7ad71401169cecee75dc94bcce642e2c53 < 910735ded17cc306625e7e1cdcc8102f7ac60994affected
LinuxLinux4a488a7ad71401169cecee75dc94bcce642e2c53 < 2e58401a24e7b2d4ec619104e1a76590c1284a4caffected
LinuxLinux3.19affected
LinuxLinux0 < 3.19unaffected
LinuxLinux6.1.149 <= 6.1.*unaffected
LinuxLinux6.6.103 <= 6.6.*unaffected
LinuxLinux6.12.44 <= 6.12.*unaffected
LinuxLinux6.16.4 <= 6.16.*unaffected
LinuxLinux6.17 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

Additional References

References