Linux Kernel Use-After-Free Vulnerability in AMD GPU Driver

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's AMD GPU driver (drm/amdkfd). This issue arises when the hardware scheduler hangs and a mode1 reset is applied to recover the GPU. During this process, the Kernel Fusion Driver (KFD) signals user space to abort processes. However, after the processes are terminated, user queues can still access system memory via the GPU before the hardware is fully reset. Meanwhile, the KFD cleanup worker frees the system memory and releases video RAM. This creates a race condition where KFD can allocate and reuse the freed memory, allowing user queue writes to corrupt data structures and cause driver crashes.

Impact

Exploitation of this vulnerability leads to memory corruption and driver crashes.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 3.5
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.