CVE-2025-68749 (GCVE-0-2025-68749)
Vulnerability from cvelistv5
Published
2025-12-24 12:09
Modified
2025-12-24 12:09
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix race condition when unbinding BOs Fix 'Memory manager not clean during takedown' warning that occurs when ivpu_gem_bo_free() removes the BO from the BOs list before it gets unmapped. Then file_priv_unbind() triggers a warning in drm_mm_takedown() during context teardown. Protect the unmapping sequence with bo_list_lock to ensure the BO is always fully unmapped when removed from the list. This ensures the BO is either fully unmapped at context teardown time or present on the list and unmapped by file_priv_unbind().
References
Impacted products
Vendor Product Version
Linux Linux Version: 48aea7f2a2efae6a1bd201061c71a81b3f3b7e55
Version: 48aea7f2a2efae6a1bd201061c71a81b3f3b7e55
Version: 48aea7f2a2efae6a1bd201061c71a81b3f3b7e55
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/accel/ivpu/ivpu_gem.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "fb16493ebd8f171bcf0772262619618a131f30f7",
              "status": "affected",
              "version": "48aea7f2a2efae6a1bd201061c71a81b3f3b7e55",
              "versionType": "git"
            },
            {
              "lessThan": "d71333ffdd3707d84cfb95acfaf8ba892adc066b",
              "status": "affected",
              "version": "48aea7f2a2efae6a1bd201061c71a81b3f3b7e55",
              "versionType": "git"
            },
            {
              "lessThan": "00812636df370bedf4e44a0c81b86ea96bca8628",
              "status": "affected",
              "version": "48aea7f2a2efae6a1bd201061c71a81b3f3b7e55",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/accel/ivpu/ivpu_gem.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.19-rc1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.13",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.2",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19-rc1",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/ivpu: Fix race condition when unbinding BOs\n\nFix \u0027Memory manager not clean during takedown\u0027 warning that occurs\nwhen ivpu_gem_bo_free() removes the BO from the BOs list before it\ngets unmapped. Then file_priv_unbind() triggers a warning in\ndrm_mm_takedown() during context teardown.\n\nProtect the unmapping sequence with bo_list_lock to ensure the BO is\nalways fully unmapped when removed from the list. This ensures the BO\nis either fully unmapped at context teardown time or present on the\nlist and unmapped by file_priv_unbind()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-24T12:09:44.301Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/fb16493ebd8f171bcf0772262619618a131f30f7"
        },
        {
          "url": "https://git.kernel.org/stable/c/d71333ffdd3707d84cfb95acfaf8ba892adc066b"
        },
        {
          "url": "https://git.kernel.org/stable/c/00812636df370bedf4e44a0c81b86ea96bca8628"
        }
      ],
      "title": "accel/ivpu: Fix race condition when unbinding BOs",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-68749",
    "datePublished": "2025-12-24T12:09:44.301Z",
    "dateReserved": "2025-12-24T10:30:51.032Z",
    "dateUpdated": "2025-12-24T12:09:44.301Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-68749\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-24T13:16:29.830\",\"lastModified\":\"2025-12-24T13:16:29.830\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\naccel/ivpu: Fix race condition when unbinding BOs\\n\\nFix \u0027Memory manager not clean during takedown\u0027 warning that occurs\\nwhen ivpu_gem_bo_free() removes the BO from the BOs list before it\\ngets unmapped. Then file_priv_unbind() triggers a warning in\\ndrm_mm_takedown() during context teardown.\\n\\nProtect the unmapping sequence with bo_list_lock to ensure the BO is\\nalways fully unmapped when removed from the list. This ensures the BO\\nis either fully unmapped at context teardown time or present on the\\nlist and unmapped by file_priv_unbind().\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/00812636df370bedf4e44a0c81b86ea96bca8628\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d71333ffdd3707d84cfb95acfaf8ba892adc066b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/fb16493ebd8f171bcf0772262619618a131f30f7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.