CVE-2025-71308 Linux CVE debrief

Who should care

Organizations running Linux systems with AMD XDNA AI accelerators (Ryzen AI, Instinct MI series with XDNA), cloud providers offering AMD AI instances, and kernel maintainers responsible for AI accelerator driver security.

Technical summary

The AMD XDNA driver in the Linux kernel's accel/amdxdna subsystem contains a NULL pointer dereference in its error handling path. The function aie2_create_context() can fail during mailbox channel creation, leaving the context's mailbox channel pointer as NULL. The subsequent error cleanup calls aie_destroy_context(), which dereferences this pointer without validation. The resolution replaces the unsafe cleanup call with a firmware request to remove the partially created context, preventing the NULL pointer dereference.

Defensive priority

medium

Recommended defensive actions

• Apply kernel updates containing the fix commits when available from your Linux distribution
• Monitor stable kernel releases for backports of the fix to affected long-term support (LTS) kernels
• Review systems utilizing AMD XDNA AI accelerators for kernel driver exposure
• Consider disabling AMD XDNA driver if not required until patch is applied

Evidence notes

Vulnerability description sourced from official CVE record and NVD entry. Fix commits identified in kernel.org stable tree.

Official resources