A race condition between job abort and device run in the Linux kernel amphion driver can cause a kernel panic due to premature memory deallocation.

The vulnerability is a race condition where v4l2_m2m_ctx_release() frees the m2m_ctx structure while v4l2_m2m_try_run() is concurrently attempting to call device_run using the same context. This leads to a kernel panic when the driver attempts to access the freed memory.

This vulnerability can be exploited to cause a denial-of-service (system panic) on devices using the Amphion VPU. With a CVSS score of 7.8, it represents a high-severity risk to system reliability.

Immediate Action: Update the kernel to a version that properly synchronizes the job abort and device run paths in the amphion driver.

Proactive Monitoring: Monitor for kernel panics associated with video processing tasks.

Compensating Controls: If possible, restrict access to the video hardware nodes to authorized processes.

Public Exploit Available: false

This update is vital for maintaining the stability of systems utilizing Amphion video drivers. Administrators should apply the kernel patches as soon as they are made available by their distribution vendor.