CVE-2025-68171
Description
In the Linux kernel, the following vulnerability has been resolved:
x86/fpu: Ensure XFD state on signal delivery
Sean reported [1] the following splat when running KVM tests:
WARNING: CPU: 232 PID: 15391 at xfd_validate_state+0x65/0x70
Call Trace:
 fpu__clear_user_states+0x9c/0x100
 arch_do_signal_or_restart+0x142/0x210
 exit_to_user_mode_loop+0x55/0x100
 do_syscall_64+0x205/0x2c0
 entry_SYSCALL_64_after_hwframe+0x4b/0x53
Chao further identified [2] a reproducible scenario involving signal delivery: a non-AMX task is preempted by an AMX-enabled task which modifies the XFD MSR.
When the non-AMX task resumes and reloads XSTATE with init values, a warning is triggered due to a mismatch between fpstate::xfd and the CPU's current XFD state. fpu__clear_user_states() does not currently re-synchronize the XFD state after such preemption.
Invoke xfd_update_state() which detects and corrects the mismatch if there is a dynamic feature.
This also benefits the sigreturn path, as fpu__restore_sig() may call fpu__clear_user_states() when the sigframe is inaccessible.
[ dhansen: minor changelog munging ]
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel, a missing XFD state synchronization during signal delivery can lead to a warning and potential system instability.
Vulnerability Details
The vulnerability is a missing synchronization of the XFD (eXtended Feature Disable) state in the Linux kernel's x86/fpu code during signal delivery. When a non-AMX task is preempted by an AMX-enabled task that alters the XFD MSR, the kernel's per-task software copy of that register (fpstate::xfd) no longer matches the hardware. When the non-AMX task resumes and a signal is delivered, fpu__clear_user_states() runs the XFD validation check (xfd_validate_state() in the splat above), which finds the mismatch and emits a WARNING, as reported by Sean [1].
Attack Vector
The issue manifests during signal delivery (or sigreturn) when the kernel calls fpu__clear_user_states() to initialize or restore XSTATE. It can be reproduced by a sequence where a non-AMX task is preempted by an AMX-enabled task that modifies XFD. No special privileges are required, and the scenario is reachable by any local user through normal process execution and signal handling, as identified by Chao [2].
Impact
The primary impact is a kernel WARNING splat, which indicates an unexpected kernel state. While not directly exploitable for privilege escalation, such inconsistencies can degrade stability and potentially lead to denial of service or other unintended behavior if left uncorrected.
Mitigation
The fix invokes xfd_update_state() in fpu__clear_user_states() to detect and correct any XFD mismatch. The resolution has been applied to the Linux stable tree; users should ensure their kernel is updated to include commits such as 3f735419c4b43cde42e6d408db39137b82474e31.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 0 (no patches discovered yet)
References (5)
- git.kernel.org/stable/c/1811c610653c0cd21cc9add14595b7cffaeca511 (nvd)
- git.kernel.org/stable/c/388eff894d6bc5f921e9bfff0e4b0ab2684a96e9 (nvd)
- git.kernel.org/stable/c/3f735419c4b43cde42e6d408db39137b82474e31 (nvd)
- git.kernel.org/stable/c/5b2619b488f1d08b960c43c6468dd0759e8b3035 (nvd)
- git.kernel.org/stable/c/eefbfb722042fc9210d2e0ac2b063fd1abf51895 (nvd)