Linux Kernel IVPU Driver Recovery Work Queuing Vulnerability During Device Removal

Vulnerability

A vulnerability in the Linux kernel's IVPU driver could lead to use-after-free bugs by allowing recovery work to be scheduled even after device removal had begun. This issue has been addressed by changing the recovery work cancellation process to ensure no new recovery tasks can be queued once device removal starts. The vulnerability affects Linux kernel versions 6.8 and later.

Impact

The vulnerability could cause use-after-free bugs by allowing recovery processes to access resources that have already been freed, potentially leading to memory corruption or other unintended behavior.
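The difference between cancelling recovery work and blocking it from being queued again can be modelled in user space. This is an added example, not code from the IVPU driver or the kernel; the `work_*` helpers, `device_state` and the late recovery trigger are hypothetical names constructed for illustration.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Constructed single-threaded model; all names are hypothetical. */
struct device_state { int resets; };

struct work {
    bool pending;              /* queued but not yet executed */
    int disable_depth;         /* > 0 means queueing is refused */
    struct device_state *dev;  /* resource the handler touches */
};

/* Queue the work unless it is disabled or already pending. */
static bool work_queue(struct work *w) {
    if (w->disable_depth > 0 || w->pending)
        return false;
    w->pending = true;
    return true;
}

/* Cancel only: drops the pending instance, work stays re-queueable. */
static void work_cancel_sync(struct work *w) { w->pending = false; }

/* Cancel and disable: later queue attempts are rejected. */
static void work_disable_sync(struct work *w) {
    w->disable_depth++;
    w->pending = false;
}

/* Run pending work. Returns true if the handler would have touched a
 * freed device; the model reports this instead of dereferencing. */
static bool work_run(struct work *w, bool dev_freed) {
    if (!w->pending)
        return false;
    w->pending = false;
    if (dev_freed)
        return true;
    w->dev->resets++;
    return false;
}

/* Simulated removal. Returns true if recovery ran after the free. */
static bool remove_device(bool use_disable) {
    struct device_state *dev = calloc(1, sizeof(*dev));
    if (!dev)
        return false;
    struct work recovery = { .dev = dev };
    work_queue(&recovery);                 /* recovery requested before removal */
    if (use_disable)
        work_disable_sync(&recovery);
    else
        work_cancel_sync(&recovery);
    work_queue(&recovery);                 /* constructed late recovery trigger */
    free(dev);
    return work_run(&recovery, true);
}
```

With cancel-only removal the late trigger re-queues the work and it runs against freed state; with disable, the second queue attempt is refused and nothing runs.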

Added: Oct 1, 2025, 8:48 AM
Updated: Oct 1, 2025, 8:48 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.0
remediation: 7.7
relevance: 0.6
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.