CVE-2025-39706
- Source
- https://cve.org/CVERecord?id=CVE-2025-39706
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39706.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-39706
- Downstream
- Related
- Published
- 2025-09-05T17:21:12.841Z
- Modified
- 2026-05-15T11:54:21.353245750Z
- Summary
- drm/amdkfd: Destroy KFD debugfs after destroy KFD wq
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: Destroy KFD debugfs after destroy KFD wq
Since KFD proc content was moved to kernel debugfs, we can't destroy KFD debugfs before kfdprocessdestroywq. Move kfdprocessdestroywq prior to kfddebugfsfini to fix a kernel NULL pointer problem. It happens when /sys/kernel/debug/kfd was already destroyed in kfddebugfsfini but kfdprocessdestroywq calls kfddebugfsremoveprocess. This line debugfsremoverecursive(entry->proc_dentry); tries to remove /sys/kernel/debug/kfd/proc/<pid> while /sys/kernel/debug/kfd is already gone. It hangs the kernel by kernel NULL pointer.
(cherry picked from commit 0333052d90683d88531558dcfdbf2525cc37c233)
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39706.json", "cna_assigner": "Linux" }- References
-
- https://cert-portal.siemens.com/productcert/html/ssa-032379.html
- https://git.kernel.org/stable/c/2e58401a24e7b2d4ec619104e1a76590c1284a4c
- https://git.kernel.org/stable/c/74ee7445c3b61c3bd899a54bd82c1982cb3a8206
- https://git.kernel.org/stable/c/910735ded17cc306625e7e1cdcc8102f7ac60994
- https://git.kernel.org/stable/c/96609a51e6134542bf90e053c2cd2fe4f61ebce3
- https://git.kernel.org/stable/c/fc35c955da799ba62f6f977d58e0866d0251e3f8
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39706.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-39706
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git