CVE-2025-21842

Summary

In the Linux kernel, the following vulnerability has been resolved:

amdkfd: properly free gang_ctx_bo when failed to init user queue

The destructor of a gtt bo is declared as void amdgpu_amdkfd_free_gtt_mem(struct amdgpu_device *adev, void mem_obj); Which takes void as the second parameter.

GCC allows passing void* to the function because void* can be implicitly casted to any other types, so it can pass compiling.

However, passing this void* parameter into the function's execution process(which expects void** and dereferencing void**) will result in errors.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxfb91065851cd5f2735348c5f3eddeeca3d7c2973 < ae5ab1c1ae504f622cc1ff48830a9ed48428146daffected
LinuxLinuxfb91065851cd5f2735348c5f3eddeeca3d7c2973 < 091a68c58c1bbd2ab7d05d1b32c1306394ec691daffected
LinuxLinuxfb91065851cd5f2735348c5f3eddeeca3d7c2973 < a33f7f9660705fb2ecf3467b2c48965564f392ceaffected
LinuxLinux6.12affected
LinuxLinux0 < 6.12unaffected
LinuxLinux6.12.16 <= 6.12.*unaffected
LinuxLinux6.13.4 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

References