AZL-66989

See a problem?
Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66989.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-66989
Upstream
Published
2025-09-05T18:15:47Z
Modified
2026-04-01T05:21:05.752424Z
Summary
CVE-2025-39706 affecting package kernel for versions less than 6.6.104.2-1
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amdkfd: Destroy KFD debugfs after destroy KFD wq

Since KFD proc content was moved to kernel debugfs, we can't destroy KFD debugfs before kfdprocessdestroywq. Move kfdprocessdestroywq prior to kfddebugfsfini to fix a kernel NULL pointer problem. It happens when /sys/kernel/debug/kfd was already destroyed in kfddebugfsfini but kfdprocessdestroywq calls kfddebugfsremoveprocess. This line debugfsremoverecursive(entry->proc_dentry); tries to remove /sys/kernel/debug/kfd/proc/<pid> while /sys/kernel/debug/kfd is already gone. It hangs the kernel by kernel NULL pointer.

(cherry picked from commit 0333052d90683d88531558dcfdbf2525cc37c233)

References

Affected packages

Azure Linux:3 / kernel

Package

Name
kernel
Purl
pkg:rpm/azure-linux/kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.6.104.2-1

Database specific

source 
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66989.json"