CVE-2025-40288
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-06

Last updated on: 2025-12-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices Previously, APU platforms (and other scenarios with uninitialized VRAM managers) triggered a NULL pointer dereference in `ttm_resource_manager_usage()`. The root cause is not that the `struct ttm_resource_manager *man` pointer itself is NULL, but that `man->bdev` (the backing device pointer within the manager) remains uninitialized (NULL) on APUsβ€”since APUs lack dedicated VRAM and do not fully set up VRAM manager structures. When `ttm_resource_manager_usage()` attempts to acquire `man->bdev->lru_lock`, it dereferences the NULL `man->bdev`, leading to a kernel OOPS. 1. **amdgpu_cs.c**: Extend the existing bandwidth control check in `amdgpu_cs_get_threshold_for_moves()` to include a check for `ttm_resource_manager_used()`. If the manager is not used (uninitialized `bdev`), return 0 for migration thresholds immediatelyβ€”skipping VRAM-specific logic that would trigger the NULL dereference. 2. **amdgpu_kms.c**: Update the `AMDGPU_INFO_VRAM_USAGE` ioctl and memory info reporting to use a conditional: if the manager is used, return the real VRAM usage; otherwise, return 0. This avoids accessing `man->bdev` when it is NULL. 3. **amdgpu_virt.c**: Modify the vf2pf (virtual function to physical function) data write path. Use `ttm_resource_manager_used()` to check validity: if the manager is usable, calculate `fb_usage` from VRAM usage; otherwise, set `fb_usage` to 0 (APUs have no discrete framebuffer to report). This approach is more robust than APU-specific checks because it: - Works for all scenarios where the VRAM manager is uninitialized (not just APUs), - Aligns with TTM's design by using its native helper function, - Preserves correct behavior for discrete GPUs (which have fully initialized `man->bdev` and pass the `ttm_resource_manager_used()` check). v4: use ttm_resource_manager_used(&adev->mman.vram_mgr.manager) instead of checking the adev->gmc.is_app_apu flag (Christian)
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-06
Last Modified
2025-12-08
Generated
2026-05-07
AI Q&A
2025-12-07
EPSS Evaluated
2026-05-05
NVD
CVE-2025-40288
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a NULL pointer dereference in the Linux kernel's AMDGPU driver affecting APU devices. Specifically, the VRAM manager's backing device pointer (man->bdev) remains uninitialized (NULL) on APUs because they lack dedicated VRAM and do not fully set up VRAM manager structures. When the function ttm_resource_manager_usage() tries to access man->bdev->lru_lock, it dereferences a NULL pointer, causing a kernel crash (OOPS). The fix involves adding checks to ensure the VRAM manager is initialized before accessing its members, preventing the NULL dereference.


How can this vulnerability impact me? :

This vulnerability can cause a kernel crash (kernel OOPS) on systems using APU devices with the affected Linux kernel. Such crashes can lead to system instability, unexpected reboots, or denial of service, impacting system availability and reliability.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the NULL pointer dereference in the VRAM logic for APU devices. The fix involves using the ttm_resource_manager_used() function to check the validity of the VRAM manager before accessing its members, preventing kernel OOPS caused by uninitialized VRAM managers on APU platforms. Applying the updated kernel will prevent the NULL pointer dereference by ensuring proper checks are in place.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart