Bug 2424331 (CVE-2025-68334)

Summary: CVE-2025-68334 kernel: Linux kernel: Denial of Service due to missing power management handler for AMD Van Gogh SoC
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the Linux kernel's power management module for AMD Van Gogh System-on-Chip (SoC) devices. A local user could exploit this by attempting to suspend the system. Due to a missing handler for the S0ix suspend state, the device fails to suspend, causing the AMD GPU driver to crash during resume. This leads to a Denial of Service (DoS) on the affected system.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-12-22 17:01:34 UTC 
In the Linux kernel, the following vulnerability has been resolved:

platform/x86/amd/pmc: Add support for Van Gogh SoC

The ROG Xbox Ally (non-X) SoC features a similar architecture to the
Steam Deck. While the Steam Deck supports S3 (s2idle causes a crash),
this support was dropped by the Xbox Ally which only S0ix suspend.

Since the handler is missing here, this causes the device to not suspend
and the AMD GPU driver to crash while trying to resume afterwards due to
a power hang.
Comment 1 Keith Grant 2025-12-22 18:54:38 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025122220-CVE-2025-68334-b63c@gregkh/T