PT-2025-40070 · Linux+2 · Linux Kernel+2

Published 2025-08-08 · Updated 2026-04-20 · CVE-2025-39896

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A flaw exists in the Linux kernel's accel/ivpu subsystem where recovery work could be scheduled even after device removal was initiated, potentially leading to use-after-free issues if the recovery process accessed already freed resources. The issue stemmed from using cancel_work_sync() instead of disable_work_sync() in the ivpu_dev_fini() function. The function ivpu_pm_cancel_recovery() was renamed to ivpu_pm_disable_recovery() to accurately reflect its updated functionality.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
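
The difference between the two calls named in the description, shown as an added user-space model (not kernel code and not the ivpu driver's source). The `model_*` functions, the structs and the removal sequence are assumptions that mirror only the documented behaviour: cancelling drops a pending work item, while disabling also rejects later queueing.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model only: names echo the kernel workqueue API, nothing here is kernel code. */
struct work { bool pending; int disabled; };
struct dev  { struct work recovery; bool freed; int stale_hits; };

/* Like queue_work(): refuses an item that is disabled or already pending. */
static bool model_queue_work(struct work *w) {
    if (w->disabled > 0 || w->pending) return false;
    w->pending = true;
    return true;
}

/* Like cancel_work_sync(): drops a pending item, later queueing still succeeds. */
static void model_cancel_work_sync(struct work *w) { w->pending = false; }

/* Like disable_work_sync(): drops a pending item and blocks further queueing. */
static void model_disable_work_sync(struct work *w) { w->pending = false; w->disabled++; }

/* Worker picks up the item; counts a run against an already torn-down device. */
static void model_run_pending(struct dev *d) {
    if (!d->recovery.pending) return;
    d->recovery.pending = false;
    if (d->freed) d->stale_hits++;   /* the recovery handler would touch freed state */
}

/* Removal path: stop recovery, a late trigger arrives, resources go away, worker runs. */
static int simulate_removal(bool use_disable) {
    struct dev d = {0};
    model_queue_work(&d.recovery);                 /* recovery already pending */
    if (use_disable) model_disable_work_sync(&d.recovery);
    else             model_cancel_work_sync(&d.recovery);
    model_queue_work(&d.recovery);                 /* late recovery trigger during fini */
    d.freed = true;                                /* device resources released */
    model_run_pending(&d);
    return d.stale_hits;
}

int main(void) {
    printf("cancel model:  %d stale access(es)\n", simulate_removal(false));
    printf("disable model: %d stale access(es)\n", simulate_removal(true));
    return 0;
}
```
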

Exploit

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2025-15262
CVE-2025-39896
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1

Affected Products

Astra Linux
Linux Kernel
Suse