Description
In the Linux kernel, the following vulnerability has been resolved:

accel/amdxdna: Fix race condition when checking rpm_on

When autosuspend is triggered, driver rpm_on flag is set to indicate that
a suspend/resume is already in progress. However, when a userspace
application submits a command during this narrow window,
amdxdna_pm_resume_get() may incorrectly skip the resume operation because
the rpm_on flag is still set. This results in commands being submitted
while the device has not actually resumed, causing unexpected behavior.

The set_dpm() is called by suspend/resume, it relied on rpm_on flag to
avoid calling into rpm suspend/resume recursivly. So to fix this, remove
the use of the rpm_on flag entirely. Instead, introduce aie2_pm_set_dpm()
which explicitly resumes the device before invoking set_dpm(). With this
change, set_dpm() is called directly inside the suspend or resume execution
path. Otherwise, aie2_pm_set_dpm() is called.
Published: 2026-05-27
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A race condition in the Linux kernel’s AMD XDNA accelerator driver can allow a locally privileged userspace program to submit commands during a narrow autosuspend window. Because the driver’s rpm_on flag is still set, it may skip the required resume operation, causing commands to be processed while the device is not fully active. This results in incorrect or corrupt device behavior, potentially leading to application errors or a denial of service for services relying on the accelerator. The likely attack vector involves a locally privileged user-space process that can issue commands during the autosuspend window.

Affected Systems

The flaw affects any Linux kernel running the AMD XDNA (ACCEL) driver that does not contain the referenced patch. No specific kernel version numbers are listed in the advisory, meaning the issue may persist in a wide range of kernel releases against which the device module is available.

Risk and Exploitability

The CVSS score is not disclosed and the EPSS score is unavailable; the vulnerability is not listed in CISA’s KEV catalog. Based on the description, it is inferred that exploitation would require local privileged access to submit device commands while an autosuspend cycle is underway. The impact is limited to device operation and does not provide direct remote code execution or full system compromise, but it can disrupt dependent services and applications, and the likelihood of exploitation remains uncertain.

Generated by OpenCVE AI on May 27, 2026 at 16:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a release that includes commit 00ffe45e…
  • If a kernel upgrade cannot be performed immediately, apply the patch manually from the provided Git commits to the kernel source and rebuild the kernel with the fix applied.
  • Until the patch is deployed, disable autosuspend for the AMD XDNA device or prevent userspace applications from issuing commands to the device while suspend/resume cycles are in progress.

Generated by OpenCVE AI on May 27, 2026 at 16:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix race condition when checking rpm_on When autosuspend is triggered, driver rpm_on flag is set to indicate that a suspend/resume is already in progress. However, when a userspace application submits a command during this narrow window, amdxdna_pm_resume_get() may incorrectly skip the resume operation because the rpm_on flag is still set. This results in commands being submitted while the device has not actually resumed, causing unexpected behavior. The set_dpm() is called by suspend/resume, it relied on rpm_on flag to avoid calling into rpm suspend/resume recursivly. So to fix this, remove the use of the rpm_on flag entirely. Instead, introduce aie2_pm_set_dpm() which explicitly resumes the device before invoking set_dpm(). With this change, set_dpm() is called directly inside the suspend or resume execution path. Otherwise, aie2_pm_set_dpm() is called.
Title accel/amdxdna: Fix race condition when checking rpm_on
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:14:51.799Z

Reserved: 2026-05-08T13:14:33.087Z

Link: CVE-2025-71303

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:16:42.733

Modified: 2026-05-27T14:48:31.480

Link: CVE-2025-71303

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T16:15:05Z

Weaknesses

No weakness.