CVE-2025-21940 — NULL Pointer Dereference in Linux
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 84.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 1
Description
In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: Fix NULL Pointer Dereference in KFD queue
Through KFD IOCTL Fuzzing we encountered a NULL pointer derefrence
when calling kfd_queue_acquire_buffers.
(cherry picked from commit 049e5bf3c8406f87c3d8e1958e0a16804fa1d530)
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages4 packages
▶CVEListV5linux/linux629568d25fea8ece4f65073f039aeef4e240ab67 — c3cbeafb4e0001d9146df50b470885e02664f3c7+3
Patches
🔴Vulnerability Details
2GHSA▶
GHSA-f3mw-fg4x-6x2p: In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: Fix NULL Pointer Dereference in KFD queue
Through KFD IOCTL Fuzzing↗2025-04-01
OSV▶
CVE-2025-21940: In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix NULL Pointer Dereference in KFD queue Through KFD IOCTL Fuzzing we↗2025-04-01