Reference Count Vulnerability in Linux Kernel Affecting AMD GPU Drivers
CVE-2025-40191

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 12 November 2025

What is CVE-2025-40191?

A vulnerability in the Linux kernel related to AMD GPU drivers allows for a reference count leak when unmapping user pointer processes. Specifically, the function 'kfd_lookup_process_by_pid' can inadvertently leak a reference count to the kfd process, leading to potential stability issues if the application process has already been destroyed. This flaw underscores the importance of proper reference management and NULL pointer checks in user-space event handling.

Affected Version(s)

Linux 2d274bf7099bc5e95fabaa93f23d0eb2977187ad < 60f6112fc9b3ba0eae519f10702c0c13bab45742

Linux 2d274bf7099bc5e95fabaa93f23d0eb2977187ad < 58e6fc2fb94f0f409447e5d46cf6a417b6397fbc

Linux 6.16

References

https://git.kernel.org/stable/c/60f6112fc9b3ba0eae519f107...

https://git.kernel.org/stable/c/58e6fc2fb94f0f409447e5d46...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2025
Vulnerability Reserved
Apr 16, 2025

JSON