CVE-2025-68732

Summary

In the Linux kernel, the following vulnerability has been resolved:

gpu: host1x: Fix race in syncpt alloc/free

Fix race condition between host1x_syncpt_alloc() and host1x_syncpt_put() by using kref_put_mutex() instead of kref_put() + manual mutex locking.

This ensures no thread can acquire the syncpt_mutex after the refcount drops to zero but before syncpt_release acquires it. This prevents races where syncpoints could be allocated while still being cleaned up from a previous release.

Remove explicit mutex locking in syncpt_release as kref_put_mutex() handles this atomically.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxf5ba33fb9690566c382624637125827b5512e766 < ca9388fba50dac2eb71c13702b7022a801bef90eaffected
LinuxLinuxf5ba33fb9690566c382624637125827b5512e766 < 4aeaece518fa4436af93d1d8b786200d9656ff4baffected
LinuxLinuxf5ba33fb9690566c382624637125827b5512e766 < 6245cce711e2cdb2cc75c0bb8632952e36f8c972affected
LinuxLinuxf5ba33fb9690566c382624637125827b5512e766 < 4e6e07ce0197aecfb6c4a62862acc93b3efedeb7affected
LinuxLinuxf5ba33fb9690566c382624637125827b5512e766 < d138f73ffb0c57ded473c577719e6e551b7b1f27affected
LinuxLinuxf5ba33fb9690566c382624637125827b5512e766 < 79197c6007f2afbfd7bcf5b9b80ccabf8483d774affected
LinuxLinuxf5ba33fb9690566c382624637125827b5512e766 < c7d393267c497502fa737607f435f05dfe6e3d9baffected
LinuxLinux5.13affected
LinuxLinux0 < 5.13unaffected
LinuxLinux5.15.198 <= 5.15.*unaffected
LinuxLinux6.1.160 <= 6.1.*unaffected
LinuxLinux6.6.120 <= 6.6.*unaffected
LinuxLinux6.12.63 <= 6.12.*unaffected
LinuxLinux6.17.13 <= 6.17.*unaffected
LinuxLinux6.18.2 <= 6.18.*unaffected
LinuxLinux6.19 <= *unaffected

Weaknesses

References