In the Linux kernel, the following vulnerability has been resolved:

drm/amdkfd: Destroy KFD debugfs after destroy KFD wq

Since KFD proc content was moved to kernel debugfs, we can't destroy KFD
debugfs before kfd_process_destroy_wq. Move kfd_process_destroy_wq prior
to kfd_debugfs_fini to fix a kernel NULL pointer problem. It happens
when /sys/kernel/debug/kfd was already destroyed in kfd_debugfs_fini but
kfd_process_destroy_wq calls kfd_debugfs_remove_process. This line
debugfs_remove_recursive(entry->proc_dentry);
tries to remove /sys/kernel/debug/kfd/proc/<pid> while
/sys/kernel/debug/kfd is already gone. It hangs the kernel by kernel
NULL pointer.

(cherry picked from commit 0333052d90683d88531558dcfdbf2525cc37c233)

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00024.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Linux
  • Linux Kernel

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Linux
  • Linux Kernel
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/2e58401a24e7b2d4ec619104e1a76590c1284a4c cve-icon cve-icon
https://git.kernel.org/stable/c/74ee7445c3b61c3bd899a54bd82c1982cb3a8206 cve-icon cve-icon
https://git.kernel.org/stable/c/910735ded17cc306625e7e1cdcc8102f7ac60994 cve-icon cve-icon
https://git.kernel.org/stable/c/96609a51e6134542bf90e053c2cd2fe4f61ebce3 cve-icon cve-icon
https://git.kernel.org/stable/c/fc35c955da799ba62f6f977d58e0866d0251e3f8 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025090549-CVE-2025-39706-087c@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-39706 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-39706 cve-icon
History

Sun, 07 Sep 2025 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Vendors & Products Linux
Linux linux Kernel

Sat, 06 Sep 2025 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Fri, 05 Sep 2025 17:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Destroy KFD debugfs after destroy KFD wq Since KFD proc content was moved to kernel debugfs, we can't destroy KFD debugfs before kfd_process_destroy_wq. Move kfd_process_destroy_wq prior to kfd_debugfs_fini to fix a kernel NULL pointer problem. It happens when /sys/kernel/debug/kfd was already destroyed in kfd_debugfs_fini but kfd_process_destroy_wq calls kfd_debugfs_remove_process. This line debugfs_remove_recursive(entry->proc_dentry); tries to remove /sys/kernel/debug/kfd/proc/<pid> while /sys/kernel/debug/kfd is already gone. It hangs the kernel by kernel NULL pointer. (cherry picked from commit 0333052d90683d88531558dcfdbf2525cc37c233)
Title drm/amdkfd: Destroy KFD debugfs after destroy KFD wq
References
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2025-09-29T05:57:49.169Z

Reserved: 2025-04-16T07:20:57.116Z

Link: CVE-2025-39706

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-09-05T18:15:47.817

Modified: 2025-09-08T16:25:38.810

Link: CVE-2025-39706

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-09-05T00:00:00Z

Links: CVE-2025-39706 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2025-09-07T15:47:32Z