{
  "threat_severity" : "Low",
  "public_date" : "2025-12-22T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: Linux kernel: Denial of Service due to missing power management handler for AMD Van Gogh SoC",
    "id" : "2424331",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2424331"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-431",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nplatform/x86/amd/pmc: Add support for Van Gogh SoC\nThe ROG Xbox Ally (non-X) SoC features a similar architecture to the\nSteam Deck. While the Steam Deck supports S3 (s2idle causes a crash),\nthis support was dropped by the Xbox Ally which only S0ix suspend.\nSince the handler is missing here, this causes the device to not suspend\nand the AMD GPU driver to crash while trying to resume afterwards due to\na power hang.", "A flaw was found in the Linux kernel's power management module for AMD Van Gogh System-on-Chip (SoC) devices. A local user could exploit this by attempting to suspend the system. Due to a missing handler for the S0ix suspend state, the device fails to suspend, causing the AMD GPU driver to crash during resume. This leads to a Denial of Service (DoS) on the affected system." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-68334\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-68334\nhttps://lore.kernel.org/linux-cve-announce/2025122220-CVE-2025-68334-b63c@gregkh/T" ],
  "name" : "CVE-2025-68334",
  "csaw" : false
}