Description
In the Linux kernel, the following vulnerability has been resolved:

accel/amdxdna: Fix race condition when checking rpm_on

When autosuspend is triggered, driver rpm_on flag is set to indicate that
a suspend/resume is already in progress. However, when a userspace
application submits a command during this narrow window,
amdxdna_pm_resume_get() may incorrectly skip the resume operation because
the rpm_on flag is still set. This results in commands being submitted
while the device has not actually resumed, causing unexpected behavior.

The set_dpm() is called by suspend/resume, it relied on rpm_on flag to
avoid calling into rpm suspend/resume recursivly. So to fix this, remove
the use of the rpm_on flag entirely. Instead, introduce aie2_pm_set_dpm()
which explicitly resumes the device before invoking set_dpm(). With this
change, set_dpm() is called directly inside the suspend or resume execution
path. Otherwise, aie2_pm_set_dpm() is called.
Published: 2026-05-27
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A race condition in the AMD XDNA accelerator driver for the Linux kernel allows a locally privileged userspace program to submit commands during a brief autosuspend window. Because the driver’s rpm_on flag is still set when autosuspend is triggered, the resume operation can be inadvertently skipped, causing commands to be processed while the device has not fully resumed. This results in bad or unexpected device behavior, corruption of device state, or a denial of service to applications that rely on the accelerator.

Affected Systems

All Linux kernel releases that include the accel/amdxdna driver (AMD XDNA accelerator) before the application of commit 00ffe45e… are affected. The vulnerability applies to any distribution that uses the default kernel configuration containing this driver. No specific kernel version range is listed, so any kernel versions lacking the patch are vulnerable.

Risk and Exploitability

The flaw requires local privileged access to the host and a very short window immediately after autosuspend is invoked, making exploitation unlikely. The EPSS score is under 1% and the vulnerability is not listed in the CISA KEV catalog. While it does not provide remote code execution, it can disrupt device operation and applications that depend on the accelerator. The overall risk is low to moderate, with a narrow attack window and limited impact confined to device functionality.

Generated by OpenCVE AI on May 29, 2026 at 03:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a Linux kernel release that contains commit 00ffe45e… or later, ensuring the rpm_on race condition has been fixed.
  • If a kernel upgrade cannot be performed immediately, manually apply the commit to the kernel source, rebuild, and load the updated module.
  • As a temporary measure, disable autosuspend for the AMD XDNA device or block userspace applications from issuing device commands while a suspend/resume cycle is in progress.

Generated by OpenCVE AI on May 29, 2026 at 03:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-367
References

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix race condition when checking rpm_on When autosuspend is triggered, driver rpm_on flag is set to indicate that a suspend/resume is already in progress. However, when a userspace application submits a command during this narrow window, amdxdna_pm_resume_get() may incorrectly skip the resume operation because the rpm_on flag is still set. This results in commands being submitted while the device has not actually resumed, causing unexpected behavior. The set_dpm() is called by suspend/resume, it relied on rpm_on flag to avoid calling into rpm suspend/resume recursivly. So to fix this, remove the use of the rpm_on flag entirely. Instead, introduce aie2_pm_set_dpm() which explicitly resumes the device before invoking set_dpm(). With this change, set_dpm() is called directly inside the suspend or resume execution path. Otherwise, aie2_pm_set_dpm() is called.
Title accel/amdxdna: Fix race condition when checking rpm_on
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:14:51.799Z

Reserved: 2026-05-08T13:14:33.087Z

Link: CVE-2025-71303

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:16:42.733

Modified: 2026-06-17T10:04:02.437

Link: CVE-2025-71303

cve-icon Redhat

Severity :

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2025-71303 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T03:15:16Z

Weaknesses
  • CWE-367

    Time-of-check Time-of-use (TOCTOU) Race Condition