CVE-2025-21940

MEDIUM EPSS 7.2%
Published Apr 1, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Apr 1, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix NULL Pointer Dereference in KFD queue Through KFD IOCTL Fuzzing we encountered a NULL pointer derefrence when calling kfd_queue_acquire_buffers. (cherry picked from commit 049e5bf3c8406f87c3d8e1958e0a16804fa1d530)

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
7.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 7

VendorProductVersionRange
linuxlinux_kernel*≥6.12  –  <6.12.19
linuxlinux_kernel*≥6.13  –  <6.13.7
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any

References 3

  • git.kernel.org https://git.kernel.org/stable/c/33eb8041c5d6c19d46e7bfd23a031844336afd80
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c3cbeafb4e0001d9146df50b470885e02664f3c7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fd617ea3b79d2116d53f76cdb5a3601c0ba6e42f
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/33eb8041c5d6c19d46e7bfd23a031844336afd80
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c3cbeafb4e0001d9146df50b470885e02664f3c7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fd617ea3b79d2116d53f76cdb5a3601c0ba6e42f
    Patch