CVE-2025-68749

MEDIUM

Linux Kernel 6.8-6.12.68, 6.13.0-6.17.13, 6.18.0-6.18.2 - Race Condition in BO Unbinding

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix race condition when unbinding BOs Fix 'Memory manager not clean during takedown' warning that occurs when ivpu_gem_bo_free() removes the BO from the BOs list before it gets unmapped. Then file_priv_unbind() triggers a warning in drm_mm_takedown() during context teardown. Protect the unmapping sequence with bo_list_lock to ensure the BO is always fully unmapped when removed from the list. This ensures the BO is either fully unmapped at context teardown time or present on the list and unmapped by file_priv_unbind().

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/0328bb097bef05a796217c54b3d651cc3782827c

Patch

https://git.kernel.org/stable/c/fb16493ebd8f171bcf0772262619618a131f30f7

Patch

https://git.kernel.org/stable/c/d71333ffdd3707d84cfb95acfaf8ba892adc066b

Patch

https://git.kernel.org/stable/c/00812636df370bedf4e44a0c81b86ea96bca8628

Scores

CVSS v3 4.7

EPSS 0.0014

EPSS Percentile 3.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-362

Status published

Products (14)

linux/Kernel 6.13.0 - 6.17.13linux

linux/Kernel 6.18.0 - 6.18.2linux

linux/Kernel 6.8.0 - 6.12.68linux

Linux/Linux < 6.8

Linux/Linux 48aea7f2a2efae6a1bd201061c71a81b3f3b7e55 - 00812636df370bedf4e44a0c81b86ea96bca8628

Linux/Linux 48aea7f2a2efae6a1bd201061c71a81b3f3b7e55 - 0328bb097bef05a796217c54b3d651cc3782827c

Linux/Linux 48aea7f2a2efae6a1bd201061c71a81b3f3b7e55 - d71333ffdd3707d84cfb95acfaf8ba892adc066b

Linux/Linux 48aea7f2a2efae6a1bd201061c71a81b3f3b7e55 - fb16493ebd8f171bcf0772262619618a131f30f7

Linux/Linux 6.12.68 - 6.12.*

Linux/Linux 6.17.13 - 6.17.*

... and 4 more

Published Dec 24, 2025

Tracked Since Feb 18, 2026