2425035 – (CVE-2025-68749) CVE-2025-68749 kernel: accel/ivpu: Fix race condition when unbinding BOs

Bug 2425035 (CVE-2025-68749) - CVE-2025-68749 kernel: accel/ivpu: Fix race condition when unbinding BOs

Summary: CVE-2025-68749 kernel: accel/ivpu: Fix race condition when unbinding BOs

Keywords:
Status:	NEW
Alias:	CVE-2025-68749
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-12-24 13:03 UTC by OSIDB Bzimport
Modified:	2025-12-25 07:18 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-12-24 13:03:38 UTC

In the Linux kernel, the following vulnerability has been resolved:

accel/ivpu: Fix race condition when unbinding BOs

Fix 'Memory manager not clean during takedown' warning that occurs
when ivpu_gem_bo_free() removes the BO from the BOs list before it
gets unmapped. Then file_priv_unbind() triggers a warning in
drm_mm_takedown() during context teardown.

Protect the unmapping sequence with bo_list_lock to ensure the BO is
always fully unmapped when removed from the list. This ensures the BO
is either fully unmapped at context teardown time or present on the
list and unmapped by file_priv_unbind().

Comment 1 Alexander B 2025-12-25 07:13:43 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025122417-CVE-2025-68749-1160@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.