CVE-2025-21940

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/amdkfd: Fix NULL Pointer Dereference in KFD queue

Through KFD IOCTL Fuzzing we encountered a NULL pointer derefrence when calling kfd_queue_acquire_buffers.

(cherry picked from commit 049e5bf3c8406f87c3d8e1958e0a16804fa1d530)

Affected Software

VendorProductVersion RangeStatus
LinuxLinux629568d25fea8ece4f65073f039aeef4e240ab67 < c3cbeafb4e0001d9146df50b470885e02664f3c7affected
LinuxLinux629568d25fea8ece4f65073f039aeef4e240ab67 < 33eb8041c5d6c19d46e7bfd23a031844336afd80affected
LinuxLinux629568d25fea8ece4f65073f039aeef4e240ab67 < fd617ea3b79d2116d53f76cdb5a3601c0ba6e42faffected
LinuxLinux6.12affected
LinuxLinux0 < 6.12unaffected
LinuxLinux6.12.19 <= 6.12.*unaffected
LinuxLinux6.13.7 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References