CVE-2025-71303
MediumCVSS 4.7Exploitation Probability (EPSS)
Low risk1th percentile - higher than 1% of all known CVEs
Summary
In the Linux kernel, a race condition was found in the amdxdna driver. When autosuspend is triggered, the rpm_on flag indicates an ongoing suspend/resume operation, but a userspace application may submit a command during this window, which gets executed before the device has actually resumed, leading to unexpected behavior.
Risk Assessment
The organization is exposed to system instability or potential data corruption when commands are processed on a device that has not yet fully resumed after autosuspend.
Recommendation
Update the Linux kernel to a version containing the fix that removes the rpm_on flag and introduces the aie2_pm_set_dpm() function, which explicitly resumes the device before calling set_dpm().
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix race condition when checking rpm_on When autosuspend is triggered, driver rpm_on flag is set to indicate that a suspend/resume is already in progress. However, when a userspace application submits a command during this narrow window, amdxdna_pm_resume_get() may incorrectly skip the resume operation because the rpm_on flag is still set. This results in commands being submitted while the device has not actually resumed, causing unexpected behavior. The set_dpm() is called by suspend/resume, it relied on rpm_on flag to avoid calling into rpm suspend/resume recursivly. So to fix this, remove the use of the rpm_on flag entirely. Instead, introduce aie2_pm_set_dpm() which explicitly resumes the device before invoking set_dpm(). With this change, set_dpm() is called directly inside the suspend or resume execution path. Otherwise, aie2_pm_set_dpm() is called.

