Wiz
Vulnerability DatabaseCVE-2025-40288

CVE-2025-40288
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices

Previously, APU platforms (and other scenarios with uninitialized VRAM managers) triggered a NULL pointer dereference in ttm_resource_manager_usage(). The root cause is not that the struct ttm_resource_manager *man pointer itself is NULL, but that man->bdev (the backing device pointer within the manager) remains uninitialized (NULL) on APUs—since APUs lack dedicated VRAM and do not fully set up VRAM manager structures. When ttm_resource_manager_usage() attempts to acquire man->bdev->lru_lock, it dereferences the NULL man->bdev, leading to a kernel OOPS.

  1. amdgpu_cs.c: Extend the existing bandwidth control check in amdgpu_cs_get_threshold_for_moves() to include a check for ttm_resource_manager_used(). If the manager is not used (uninitialized bdev), return 0 for migration thresholds immediately—skipping VRAM-specific logic that would trigger the NULL dereference.

  2. amdgpu_kms.c: Update the AMDGPU_INFO_VRAM_USAGE ioctl and memory info reporting to use a conditional: if the manager is used, return the real VRAM usage; otherwise, return 0. This avoids accessing man->bdev when it is NULL.

  3. amdgpu_virt.c: Modify the vf2pf (virtual function to physical function) data write path. Use ttm_resource_manager_used() to check validity: if the manager is usable, calculate fb_usage from VRAM usage; otherwise, set fb_usage to 0 (APUs have no discrete framebuffer to report).

This approach is more robust than APU-specific checks because it:

  • Works for all scenarios where the VRAM manager is uninitialized (not just APUs),
  • Aligns with TTM's design by using its native helper function,
  • Preserves correct behavior for discrete GPUs (which have fully initialized man->bdev and pass the ttm_resource_manager_used() check).

v4: use ttm_resource_manager_used(&adev->mman.vram_mgr.manager) instead of checking the adev->gmc.is_app_apu flag (Christian)

SourceNVD

Related Linux Kernel vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-71142N/AN/A
  • Linux KernelLinux Kernel
  • kernel-64k-modules-internal
NoNoJan 14, 2026
CVE-2025-71137N/AN/A
  • Linux KernelLinux Kernel
  • libperf-devel
NoYesJan 14, 2026
CVE-2025-71135N/AN/A
  • Linux KernelLinux Kernel
  • libperf-devel
NoNoJan 14, 2026
CVE-2025-71134N/AN/A
  • Linux KernelLinux Kernel
  • kernel-64k-devel
NoNoJan 14, 2026
CVE-2025-71133N/AN/A
  • Linux KernelLinux Kernel
  • kernel-64k-debug-modules-partner
NoYesJan 14, 2026

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo