CVE-2025-68207 | drm/xe/guc: Synchronize Dead CT worker with unbind

In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Synchronize Dead CT worker with unbind Cancel and wait for any Dead CT worker to complete before continuing with device unbinding. Else the worker will end up using resources freed by the undind operation. (cherry picked from commit 492671339114e376aaa38626d637a2751cdef263)

Published: 2025-12-16 Last update: 2026-06-17 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Conclusion & alert: CVE-2025-68207 is rated Low Risk (6.3/100): low exploitation likelihood (EPSS 0.17%). Mandatory action: Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2025-68207

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.02% 0.17% +0.15%
2 2025-12-17 0.02%

Full EPSS history (2 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2025-68207

CVSS metrics for this CVE.

No CVSS data in dataset for this CVE.

Weakness enumeration for CVE-2025-68207

OS Trackers for CVE-2025-68207

vendor priority summary link
debian unimportant CVE-2025-68207 unimportant priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2025-68207
redhat low https://access.redhat.com/security/cve/CVE-2025-68207
suse medium CVE-2025-68207 severity moderate: SUSE including 384 source package names (13.2-9.1:libsystemd0-254.23-1.1, 13.2-9.1:libudev1-254.23-1.1, …), 907 product×package rows across 142 product lines (Container suse/sl-micro/6.0/baremetal-os-container, Container suse/sl-micro/6.0/base-os-container, … (142 product lines)): Fixed 392, Known Not Affected 259, Known Affected 231, First Fixed 25. https://www.suse.com/security/cve/CVE-2025-68207/
ubuntu medium CVE-2025-68207 medium priority: Ubuntu including 157 source packages (linux, linux-allwinner-5.19, …), 1405 status rows across 9 suites (bionic, focal, jammy, noble, plucky, questing, trusty, upstream, xenial): DNE 1010, ignored 178, not-affected 115, released 97, needed 5. https://ubuntu.com/security/CVE-2025-68207

Affected software / configurations for CVE-2025-68207

Vendor Product Version Raw CPE
linux linux_kernel >= 6.12.37, < 6.12.59 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 6.13, < 6.17.9 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 6.13, < 6.18 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

References for CVE-2025-68207

cvelogic Threat Intelligence