CVE-2025-40332
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-09
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's drm/amdkfd component where a mmap write lock is not properly released during a draining retry fault. Specifically, when the mmap write lock is taken and the system tries to restore pages, it incorrectly calls mmap_read_unlock instead of releasing the write lock. This leads to a deadlock situation where subsequent attempts to acquire mmap read or write locks hang, causing the system to become unresponsive.
How can this vulnerability impact me? :
The vulnerability can cause the system to deadlock and hang because the mmap write lock is never released properly. This means that processes requiring read or write access to mmap regions may become blocked indefinitely, leading to system instability and potential downtime.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch or update to the fixed version of the Linux kernel where the mmap write lock issue in drm/amdkfd has been resolved by downgrading the mmap write lock to a read lock during draining retry fault. This will prevent deadlocks and system hangs caused by the lock not being released.