CVE-2025-37854

drm/amdkfd: Fix mode1 reset crash issue

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

MITRE

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix mode1 reset crash issue If HW scheduler hangs and mode1 reset is used to recover GPU, KFD signal
user space to abort the processes. After process abort exit, user queues
still use the GPU to access system memory before h/w is reset while KFD
cleanup worker free system memory and free VRAM. There is use-after-free race bug that KFD allocate and reuse the freed
system memory, and user queue write to the same system memory to corrupt
the data structure and cause driver crash. To fix this race, KFD cleanup worker terminate user queues, then flush
reset_domain wq to wait for any GPU ongoing reset complete, and then
free outstanding BOs.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-04-16 CVE Reserved
2025-05-09 CVE Published
2025-05-09 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/57c9dabda80ac167de8cd71231baae37cc2f442d	2025-04-25
https://git.kernel.org/stable/c/89af6b39f028c130d4362f57042927f005423e6a	2025-04-25
https://git.kernel.org/stable/c/ffd37d7d44d7e0b6e769d4fe6590e327f8cc3951	2025-04-20
https://git.kernel.org/stable/c/6f30a847432cae84c7428e9b684b3e3fa49b2391	2025-04-20
https://git.kernel.org/stable/c/9c4bcdf4068aae3e17e31c144300be405cfa03ff	2025-04-20
https://git.kernel.org/stable/c/f0b4440cdc1807bb6ec3dce0d6de81170803569b	2025-02-27

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.1.135 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.135"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.6.88 Search vendor "Linux" for product "Linux Kernel" and version " < 6.6.88"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.12.24 Search vendor "Linux" for product "Linux Kernel" and version " < 6.12.24"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.13.12 Search vendor "Linux" for product "Linux Kernel" and version " < 6.13.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.14.3 Search vendor "Linux" for product "Linux Kernel" and version " < 6.14.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.15-rc1 Search vendor "Linux" for product "Linux Kernel" and version " < 6.15-rc1"		en		Affected