CVE-2025-68223

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/radeon: delete radeon_fence_process in is_signaled, no deadlock

Delete the attempt to progress the queue when checking if fence is signaled. This avoids deadlock.

dma-fence_ops::signaled can be called with the fence lock in unknown state. For radeon, the fence lock is also the wait queue lock. This can cause a self deadlock when signaled() tries to make forward progress on the wait queue. But advancing the queue is unneeded because incorrectly returning false from signaled() is perfectly acceptable.

(cherry picked from commit 527ba26e50ec2ca2be9c7c82f3ad42998a75d0db)

Affected Software

VendorProductVersion RangeStatus
LinuxLinux954605ca3f897ad617123279eb3404a404cce5ab < d40a72d7e3bad4dfb311ef078f5a57362f088c7faffected
LinuxLinux954605ca3f897ad617123279eb3404a404cce5ab < 9d0ed508a9e2af82951ce7d834f58c139fc2bd9baffected
LinuxLinux954605ca3f897ad617123279eb3404a404cce5ab < 73bc12d6a547f9571ce4393acfd73c004e2df9e5affected
LinuxLinux954605ca3f897ad617123279eb3404a404cce5ab < 7e3e9b3a44c23c8eac86a41308c05077d6d30f41affected
LinuxLinux954605ca3f897ad617123279eb3404a404cce5ab < 9eb00b5f5697bd56baa3222c7a1426fa15bacfb5affected
LinuxLinux3.18affected
LinuxLinux0 < 3.18unaffected
LinuxLinux6.1.162 <= 6.1.*unaffected
LinuxLinux6.6.123 <= 6.6.*unaffected
LinuxLinux6.12.60 <= 6.12.*unaffected
LinuxLinux6.17.10 <= 6.17.*unaffected
LinuxLinux6.18 <= *unaffected

Weaknesses

References