Skip to main content

Linux Kernel CVE-2025-68334

2025-12-22 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Lifecycle Timeline

3
Patch released
Mar 25, 2026 - 19:32 nvd
Patch available
Analysis Generated
Mar 25, 2026 - 11:22 vuln.today
CVE Published
Dec 22, 2025 - 17:16 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

platform/x86/amd/pmc: Add support for Van Gogh SoC

The ROG Xbox Ally (non-X) SoC features a similar architecture to the Steam Deck. While the Steam Deck supports S3 (s2idle causes a crash), this support was dropped by the Xbox Ally which only S0ix suspend.

Since the handler is missing here, this causes the device to not suspend and the AMD GPU driver to crash while trying to resume afterwards due to a power hang.

AnalysisAI

Linux kernel AMD platform management controller (PMC) driver lacks Van Gogh SoC suspend handler support, preventing S0ix suspend operations on affected devices and causing GPU driver crashes during resume due to power management failures. ASUS ROG Ally (non-X) handheld gaming devices are directly impacted. Local attackers or unprivileged users can trigger denial of service by attempting system suspend, rendering the device unresponsive and forcing a hard reboot. The vulnerability carries low exploitation probability (EPSS 0.03%) but affects a specific consumer hardware class; upstream patches are available in stable kernel branches.

Technical ContextAI

The vulnerability exists in the platform/x86/amd/pmc Linux kernel subsystem, which manages power states on AMD SoCs through the Platform Management Controller interface. The Van Gogh SoC (used in ASUS ROG Ally non-X models) implements S0ix (S0 with CPU and uncore subsystem idle) rather than S3 suspend-to-RAM like Steam Deck variants. The missing handler prevents proper firmware communication during S0ix transitions, leaving power rails and GPU clocks in inconsistent states. When the AMD GPU driver attempts to resume, it encounters a hardware power hang, triggering a crash. This is categorized as a missing feature/handler implementation rather than a buffer overflow or memory corruption, falling under improper resource management patterns. The root cause is incomplete device support matrix in the pmc.c platform driver code.

Affected ProductsAI

Linux kernel versions prior to the fixes integrated into stable branches are affected, specifically on systems running ASUS ROG Ally (non-X) and other devices using the Van Gogh SoC. Kernel commits 8af210df4f71dda74dc027da69372a028c6d4d84, 9654c56b111cd1415aca7e77f0c63c109453c409, 996092ba6df66e2ac8cf9022007a7c8a412e7733, and db4a3f0fbedb0398f77b9047e8b8bb2b49f355bb in the stable kernel repository represent the corrective patches. Ubuntu advisory USN-8094-4 references this CVE, indicating inclusion in Ubuntu kernel security updates. The exact upstream kernel version ranges are not explicitly specified in the provided data, but patches are available in stable Git branches as referenced at https://git.kernel.org/stable/.

RemediationAI

Update the Linux kernel to a version incorporating the Van Gogh PMC handler fixes available in stable kernel branches (commits referenced at https://git.kernel.org/stable/c/8af210df4f71dda74dc027da69372a028c6d4d84 and related commits). For Ubuntu systems, apply USN-8094-4 security updates. If immediate patching is not feasible, disable S0ix suspend and enforce S3 suspend via kernel command-line parameter 'mem_sleep_default=deep' or BIOS settings where available; note that S3 may not be fully supported on Xbox Ally hardware. Users should avoid suspending the device until patches are applied, relying instead on screen timeout and manual power-off. Hardware vendors (ASUS) may release BIOS updates that implement PMC firmware corrections independently of kernel updates.

CVE-2022-0847 HIGH POC
7.8 Mar 10

Linux kernel contains a flaw known as 'Dirty Pipe' where improper pipe buffer flag initialization allows unprivileged lo

CVE-2015-1328 HIGH POC
7.8 Nov 28

The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does no

CVE-2017-7308 HIGH POC
7.8 Mar 29

The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate cer

CVE-2017-16995 HIGH POC
7.8 Dec 27

The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial

CVE-2017-1000112 HIGH POC
7.0 Oct 05

Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. Rated high severity (CVSS 7.0). Public ex

CVE-2015-8660 MEDIUM POC
6.7 Dec 28

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr op

CVE-2012-0056 MEDIUM POC
6.9 Jan 27

The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when

CVE-2014-0038 MEDIUM POC
6.9 Feb 06

The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allo

CVE-2016-8655 HIGH POC
7.8 Dec 08

Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cau

CVE-2016-0728 HIGH POC
7.8 Feb 08

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object ref

CVE-2017-0561 CRITICAL POC
9.8 Apr 07

A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary

CVE-2022-2588 MEDIUM POC
5.3 Jan 08

It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the h

Share

CVE-2025-68334 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy