CVE-2025-39706

Since KFD proc content was moved to kernel debugfs, we can't destroy KFD debugfs before kfdprocessdestroywq. Move kfdprocessdestroywq prior to kfddebugfsfini to fix a kernel NULL pointer problem. It happens when /sys/kernel/debug/kfd was already destroyed in kfddebugfsfini but kfdprocessdestroywq calls kfddebugfsremoveprocess. This line debugfsremoverecursive(entry->proc_dentry); tries to remove /sys/kernel/debug/kfd/proc/<pid> while /sys/kernel/debug/kfd is already gone. It hangs the kernel by kernel NULL pointer.

(cherry picked from commit 0333052d90683d88531558dcfdbf2525cc37c233)

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39706.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

4a488a7ad71401169cecee75dc94bcce642e2c53

Fixed

fc35c955da799ba62f6f977d58e0866d0251e3f8

Fixed

74ee7445c3b61c3bd899a54bd82c1982cb3a8206

Fixed

96609a51e6134542bf90e053c2cd2fe4f61ebce3

Fixed

910735ded17cc306625e7e1cdcc8102f7ac60994

Fixed

2e58401a24e7b2d4ec619104e1a76590c1284a4c

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39706.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.19.0

Fixed

6.1.149

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.103

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.44

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.16.4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39706.json"