CVE-2025-68207
Description
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/guc: Synchronize Dead CT worker with unbind
Cancel and wait for any Dead CT worker to complete before continuing with device unbinding. Else the worker will end up using resources freed by the undind operation.
(cherry picked from commit 492671339114e376aaa38626d637a2751cdef263)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel, a use-after-free in DRM/Xe/GUC was fixed by synchronizing the Dead CT worker with device unbinding to prevent resource use after free.
Vulnerability
Description The vulnerability resides in the Linux kernel's DRM/Xe/GUC subsystem. During device unbinding, a race condition can occur where the Dead CT (Communication Transport) worker continues to execute after the resources it depends on have been freed. The fix cancels and waits for any pending Dead CT worker before proceeding with unbinding, preventing use-after-free.
Exploitation
To exploit this, an attacker would need local access and the ability to trigger device unbinding while a Dead CT worker is active. This requires specific conditions in the graphics driver's lifecycle.
Impact
An unprivileged local user could potentially exploit this to achieve code execution or system crash due to use-after-free.
Mitigation
The fix has been incorporated into the Linux kernel stable tree as commit 492671339114. Users should update their kernels to include this patch.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3News mentions
0No linked articles in our index yet.