AZL-73072

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73072.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-73072

Upstream

CVE-2025-68732

Published

2025-12-24T11:16:02Z

Modified

2026-04-01T05:22:15.777832Z

Summary

CVE-2025-68732 affecting package kernel for versions less than 6.6.121.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

gpu: host1x: Fix race in syncpt alloc/free

Fix race condition between host1xsyncptalloc() and host1xsyncptput() by using krefputmutex() instead of kref_put() + manual mutex locking.

This ensures no thread can acquire the syncptmutex after the refcount drops to zero but before syncptrelease acquires it. This prevents races where syncpoints could be allocated while still being cleaned up from a previous release.

Remove explicit mutex locking in syncptrelease as krefput_mutex() handles this atomically.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-68732

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.121.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73072.json"