Linux Kernel Vulnerability Affecting Device Removal Process
CVE-2025-39896
What is CVE-2025-39896?
A vulnerability in the Linux kernel's ivpu driver affects how recovery work is handled during device removal. Previously, recovery work could still be queued after removal of a device had been initiated, which risked a use-after-free when recovery attempted to access resources that had already been freed. The fix uses disable_work_sync() instead of cancel_work_sync(), which prevents new recovery work items from being scheduled during the device removal phase. Additionally, the function ivpu_pm_cancel_recovery() has been renamed to ivpu_pm_disable_recovery() to better describe its modified behavior.
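The difference between the two calls, shown as an added userspace model in C (not the ivpu driver's code and not kernel code). The model_* names and the late queue attempt during removal are assumptions made for illustration; they mirror only the cancel/disable behavior described above.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model (hypothetical names) of the work-item state that matters here. */
struct model_work {
    bool pending;   /* queued and waiting to run */
    int  disabled;  /* disable depth; > 0 means queueing is refused */
};

/* Models queue_work(): refused if the item is already pending or disabled. */
static bool model_queue_work(struct model_work *w)
{
    if (w->disabled || w->pending)
        return false;
    w->pending = true;
    return true;
}

/* Models cancel_work_sync(): drops a pending item, later queueing still works. */
static bool model_cancel_work_sync(struct model_work *w)
{
    bool was_pending = w->pending;
    w->pending = false;
    return was_pending;
}

/* Models disable_work_sync(): cancels and also blocks later queueing. */
static bool model_disable_work_sync(struct model_work *w)
{
    w->disabled++;
    return model_cancel_work_sync(w);
}

/* Removal path: stop recovery, then something queues recovery again (assumed
 * late trigger). Returns true if recovery work is left pending while removal
 * goes on to free the resources it would touch (the use-after-free window). */
bool recovery_pending_after_remove(bool use_disable)
{
    struct model_work recovery = { .pending = true, .disabled = 0 };
    if (use_disable)
        model_disable_work_sync(&recovery);
    else
        model_cancel_work_sync(&recovery);
    model_queue_work(&recovery);   /* queue attempt after removal started */
    return recovery.pending;
}

int main(void)
{
    printf("cancel:  pending=%d\n", recovery_pending_after_remove(false));
    printf("disable: pending=%d\n", recovery_pending_after_remove(true));
    return 0;
}
```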
Affected Version(s)
Linux 58cde80f45a2b1683ea3c24a9a9a4b0e1005336b < 54c49eca38dbd06913a696f6d7610937dcfad226
Linux 58cde80f45a2b1683ea3c24a9a9a4b0e1005336b < 565d2c15b6c36c3250e694f7b9a86229c1787be5
Linux 58cde80f45a2b1683ea3c24a9a9a4b0e1005336b < 69a79ada8eb034ce016b5b78fb7d08d8687223de