Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

017 - Ir a la línea de ayuda en Ciberseguridad    Ir a Agenda     Ir a Sala de prensa     Ir a suscripción de boletines

Ir al buscador

CVE-2025-68174

Gravedad:
Pendiente de análisis
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
16/12/2025
Última modificación:
16/12/2025

Descripción

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> amd/amdkfd: enhance kfd process check in switch partition<br /> <br /> current switch partition only check if kfd_processes_table is empty.<br /> kfd_prcesses_table entry is deleted in kfd_process_notifier_release, but<br /> kfd_process tear down is in kfd_process_wq_release.<br /> <br /> consider two processes:<br /> <br /> Process A (workqueue) -&gt; kfd_process_wq_release -&gt; Access kfd_node member<br /> Process B switch partition -&gt; amdgpu_xcp_pre_partition_switch -&gt; amdgpu_amdkfd_device_fini_sw<br /> -&gt; kfd_node tear down.<br /> <br /> Process A and B may trigger a race as shown in dmesg log.<br /> <br /> This patch is to resolve the race by adding an atomic kfd_process counter<br /> kfd_processes_count, it increment as create kfd process, decrement as<br /> finish kfd_process_wq_release.<br /> <br /> v2: Put kfd_processes_count per kfd_dev, move decrement to kfd_process_destroy_pdds<br /> and bug fix. (Philip Yang)<br /> <br /> [3966658.307702] divide error: 0000 [#1] SMP NOPTI<br /> [3966658.350818] i10nm_edac<br /> [3966658.356318] CPU: 124 PID: 38435 Comm: kworker/124:0 Kdump: loaded Tainted<br /> [3966658.356890] Workqueue: kfd_process_wq kfd_process_wq_release [amdgpu]<br /> [3966658.362839] nfit<br /> [3966658.366457] RIP: 0010:kfd_get_num_sdma_engines+0x17/0x40 [amdgpu]<br /> [3966658.366460] Code: 00 00 e9 ac 81 02 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 0f 1f 44 00 00 48 8b 4f 08 48 8b b7 00 01 00 00 8b 81 58 26 03 00 99 be b8 01 00 00 80 b9 70 2e 00 00 00 74 0b 83 f8 02 ba 02 00 00<br /> [3966658.380967] x86_pkg_temp_thermal<br /> [3966658.391529] RSP: 0018:ffffc900a0edfdd8 EFLAGS: 00010246<br /> [3966658.391531] RAX: 0000000000000008 RBX: ffff8974e593b800 RCX: ffff888645900000<br /> [3966658.391531] RDX: 0000000000000000 RSI: ffff888129154400 RDI: ffff888129151c00<br /> [3966658.391532] RBP: ffff8883ad79d400 R08: 0000000000000000 R09: ffff8890d2750af4<br /> [3966658.391532] R10: 0000000000000018 R11: 0000000000000018 R12: 0000000000000000<br /> [3966658.391533] R13: ffff8883ad79d400 R14: ffffe87ff662ba00 R15: ffff8974e593b800<br /> [3966658.391533] FS: 0000000000000000(0000) GS:ffff88fe7f600000(0000) knlGS:0000000000000000<br /> [3966658.391534] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> [3966658.391534] CR2: 0000000000d71000 CR3: 000000dd0e970004 CR4: 0000000002770ee0<br /> [3966658.391535] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000<br /> [3966658.391535] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400<br /> [3966658.391536] PKRU: 55555554<br /> [3966658.391536] Call Trace:<br /> [3966658.391674] deallocate_sdma_queue+0x38/0xa0 [amdgpu]<br /> [3966658.391762] process_termination_cpsch+0x1ed/0x480 [amdgpu]<br /> [3966658.399754] intel_powerclamp<br /> [3966658.402831] kfd_process_dequeue_from_all_devices+0x5b/0xc0 [amdgpu]<br /> [3966658.402908] kfd_process_wq_release+0x1a/0x1a0 [amdgpu]<br /> [3966658.410516] coretemp<br /> [3966658.434016] process_one_work+0x1ad/0x380<br /> [3966658.434021] worker_thread+0x49/0x310<br /> [3966658.438963] kvm_intel<br /> [3966658.446041] ? process_one_work+0x380/0x380<br /> [3966658.446045] kthread+0x118/0x140<br /> [3966658.446047] ? __kthread_bind_mask+0x60/0x60<br /> [3966658.446050] ret_from_fork+0x1f/0x30<br /> [3966658.446053] Modules linked in: kpatch_20765354(OEK)<br /> [3966658.455310] kvm<br /> [3966658.464534] mptcp_diag xsk_diag raw_diag unix_diag af_packet_diag netlink_diag udp_diag act_pedit act_mirred act_vlan cls_flower kpatch_21951273(OEK) kpatch_18424469(OEK) kpatch_19749756(OEK)<br /> [3966658.473462] idxd_mdev<br /> [3966658.482306] kpatch_17971294(OEK) sch_ingress xt_conntrack amdgpu(OE) amdxcp(OE) amddrm_buddy(OE) amd_sched(OE) amdttm(OE) amdkcl(OE) intel_ifs iptable_mangle tcm_loop target_core_pscsi tcp_diag target_core_file inet_diag target_core_iblock target_core_user target_core_mod coldpgs kpatch_18383292(OEK) ip6table_nat ip6table_filter ip6_tables ip_set_hash_ipportip ip_set_hash_ipportnet ip_set_hash_ipport ip_set_bitmap_port xt_comment iptable_nat nf_nat iptable_filter ip_tables ip_set ip_vs_sh ip_vs_wrr ip_vs_rr ip_vs nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 sn_core_odd(OE) i40e overlay binfmt_misc tun bonding(OE) aisqos(OE) aisqo<br /> ---truncated---

Impacto

Referencias a soluciones, herramientas e información