CVE-2025-71303 Overview
CVE-2025-71303 is a race condition vulnerability in the Linux kernel's accel/amdxdna driver, which supports AMD XDNA AI accelerator hardware. The flaw exists in the runtime power management (PM) logic that handles autosuspend and resume operations. When autosuspend triggers, the driver sets the rpm_on flag to signal an in-progress suspend or resume. A userspace command submitted during this narrow window causes amdxdna_pm_resume_get() to skip the resume operation, allowing commands to reach a device that has not actually resumed. The result is unexpected device behavior and potential instability in workloads relying on the AMD XDNA accelerator.
Critical Impact
A concurrent userspace command submitted during the autosuspend window can bypass the resume path, causing commands to execute against an unresumed device and producing unpredictable kernel and accelerator behavior.
Affected Products
- Linux kernel versions containing the accel/amdxdna driver prior to the upstream fix
- Systems using AMD XDNA AI accelerator hardware with the in-tree driver
- Distributions shipping affected stable kernel branches referenced in the upstream commits
Discovery Timeline
- 2026-05-27 - CVE-2025-71303 published to NVD
- 2026-05-27 - Last updated in NVD database
Technical Details for CVE-2025-71303
Vulnerability Analysis
The vulnerability is a race condition [CWE-362] in the runtime PM path of the accel/amdxdna driver. The driver uses an rpm_on flag to track whether a suspend or resume cycle is already underway. set_dpm() is invoked during suspend and resume, and the flag was originally introduced to prevent recursive PM calls from set_dpm() re-entering the runtime PM machinery.
The problem arises when autosuspend has set rpm_on but the device has not actually completed the resume transition. If a userspace process calls into the driver during this window, amdxdna_pm_resume_get() observes rpm_on as set and skips the resume. The command path then proceeds as if the accelerator were active, submitting work to hardware that is still suspended or mid-transition.
The EPSS score for this issue is 0.019% with a percentile of 5.698, reflecting limited likelihood of opportunistic exploitation. The practical risk centers on local denial of service and inconsistent accelerator state on affected hosts.
Root Cause
The root cause is the use of a non-atomic flag (rpm_on) to gate two different code paths: the recursion guard required by set_dpm() and the resume decision made by amdxdna_pm_resume_get(). Overloading a single flag for both purposes creates a time-of-check to time-of-use gap [CWE-367] between flag inspection and the actual device state.
Attack Vector
The attack vector is local. A userspace process with access to the AMD XDNA accelerator device node submits commands during the brief autosuspend window. No special privileges beyond standard device access are required to trigger the race, although the timing window is narrow and typically produced through repeated command submission concurrent with PM transitions.
No verified proof-of-concept code is published for this issue. The upstream fix removes the rpm_on flag entirely and introduces aie2_pm_set_dpm(), which explicitly resumes the device before invoking set_dpm(). The suspend and resume paths call set_dpm() directly, while all other callers route through aie2_pm_set_dpm(). See the upstream kernel commit for the patch.
Detection Methods for CVE-2025-71303
Indicators of Compromise
- Kernel log entries from the amdxdna driver reporting command submission failures, timeouts, or unexpected device state during or shortly after autosuspend transitions
- Userspace applications reporting accelerator command errors that correlate with system idle periods triggering runtime PM
- Unexpected resets or hangs of the AMD XDNA accelerator under workloads that intermittently idle the device
Detection Strategies
- Audit running kernel versions across endpoints and servers to identify hosts running the affected accel/amdxdna driver without the upstream fix
- Correlate dmesg output with PM state transitions to identify command submissions occurring during suspend or resume windows
- Monitor for repeated accelerator error conditions tied to specific application workloads that exercise autosuspend cycles
Monitoring Recommendations
- Forward kernel logs to a centralized logging or SIEM pipeline and alert on amdxdna error patterns
- Track kernel package versions in configuration management and flag hosts pinned to vulnerable releases
- Baseline accelerator workload behavior and alert on anomalous command failure rates following idle periods
How to Mitigate CVE-2025-71303
Immediate Actions Required
- Identify systems running kernels with the accel/amdxdna driver that predate the upstream fix
- Apply the patched stable kernel update from the relevant distribution as soon as it is available
- Restrict access to the AMD XDNA accelerator device node to trusted users and workloads until patching completes
Patch Information
The fix is available in the upstream Linux kernel stable tree. Two relevant commits are published: commit 00ffe45ece80 and commit e7cb75b6a512. The fix removes the rpm_on flag and introduces aie2_pm_set_dpm() to explicitly resume the device before changing DPM state. Apply the corresponding stable kernel update from your Linux distribution vendor.
Workarounds
- Disable runtime autosuspend for the AMD XDNA accelerator device via sysfs by writing on to the device's power/control attribute, eliminating the suspend window that triggers the race
- Unload the amdxdna kernel module on systems that do not actively use the AMD XDNA accelerator
- Limit access to the accelerator device node to a minimal set of trusted users while patches are pending
# Disable runtime PM autosuspend on the affected device to avoid the race window
# Replace <pci-id> with the AMD XDNA accelerator's PCI address
echo on | sudo tee /sys/bus/pci/devices/<pci-id>/power/control
# Alternatively, unload the driver if the accelerator is not in use
sudo modprobe -r amdxdna
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

