VDB

DEBIAN-CVE-2025-39706

DEBIAN-CVE-2025-39706 PUBLISHED CVSS 5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Destroy KFD debugfs after destroy KFD wq Since KFD proc content was moved to kernel debugfs, we can't destroy KFD debugfs before kfd_process_destroy_wq. Move kfd_process_destroy_wq prior to kfd_debugfs_fini to fix a kernel NULL pointer problem. It happens when /sys/kernel/debug/kfd was already destroyed in kfd_debugfs_fini but kfd_process_destroy_wq calls kfd_debugfs_remove_process. This line debugfs_remove_recursive(entry->proc_dentry); tries to remove /sys/kernel/debug/kfd/proc/<pid> while /sys/kernel/debug/kfd is already gone. It hangs the kernel by kernel NULL pointer. (cherry picked from commit 0333052d90683d88531558dcfdbf2525cc37c233)

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Debian:13linux6.12.38-1, 6.12.41-1, 6.12.43-1
Debian:14linux6.12.43-1, 6.12.48-1, 6.12.57-1
Debian:12linux6.1.128-1, 6.1.85-1, 6.1.90-1~bpo11+1
Debian:11linux-6.1*, 6.1.106-3~deb11u1, 6.1.106-3~deb11u2
Debian:11linux6.12.20-1, 6.12.43-1, 6.12.22-1

Timeline

  • Sep 5, 2025 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›