CVE-2025-68732
CVE-2025-68732 is a security vulnerability that is still awaiting full analysis and scoring. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- EPSS exploit prediction: 0% (6th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-205065
- Published:
- Last modified:
Description
In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix race in syncpt alloc/free Fix race condition between host1x_syncpt_alloc() and host1x_syncpt_put() by using kref_put_mutex() instead of kref_put() + manual mutex locking. This ensures no thread can acquire the syncpt_mutex after the refcount drops to zero but before syncpt_release acquires it. This prevents races where syncpoints could be allocated while still being cleaned up from a previous release. Remove explicit mutex locking in syncpt_release as kref_put_mutex() handles this atomically.
Frequently asked questions
- What is CVE-2025-68732?
- In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix race in syncpt alloc/free Fix race condition between host1x_syncpt_alloc() and host1x_syncpt_put() by using kref_put_mutex() instead of kref_put() + manual mutex locking. This ensures no thread can acquire the syncpt_mutex after the refcount drops to zero but before syncpt_release acquires it. This prevents races where syncpoints could be allocated while still being cleaned up from a previous release. Remove explicit mutex locking in syncpt_release as kref_put_mutex() handles this atomically.
- Is CVE-2025-68732 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (6th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2025-68732?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2025-68732 have an EU (EUVD) identifier?
- Yes. CVE-2025-68732 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-205065.
- When was CVE-2025-68732 published?
- CVE-2025-68732 was published on 2025-12-24 and last updated on 2026-06-17.
References
- https://git.kernel.org/stable/c/4aeaece518fa4436af93d1d8b786200d9656ff4b
- https://git.kernel.org/stable/c/4e6e07ce0197aecfb6c4a62862acc93b3efedeb7
- https://git.kernel.org/stable/c/6245cce711e2cdb2cc75c0bb8632952e36f8c972
- https://git.kernel.org/stable/c/79197c6007f2afbfd7bcf5b9b80ccabf8483d774
- https://git.kernel.org/stable/c/c7d393267c497502fa737607f435f05dfe6e3d9b
- https://git.kernel.org/stable/c/ca9388fba50dac2eb71c13702b7022a801bef90e
- https://git.kernel.org/stable/c/d138f73ffb0c57ded473c577719e6e551b7b1f27