NULL Pointer Dereference in VRAM Logic for AMD APU Devices
CVE-2025-40288

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 December 2025

What is CVE-2025-40288?

A vulnerability exists in the Linux kernel affecting AMD APU devices due to a NULL pointer dereference in the VRAM management logic. Specifically, uninitialized VRAM managers cause the ttm_resource_manager_usage() function to access a NULL pointer, leading to system instability. The vulnerability is particularly prevalent in APU platforms, where the device backing pointer remains uninitialized due to the absence of dedicated VRAM. Enhanced checks have been implemented to prevent this occurrence, including skipping VRAM-specific logic for uninitialized managers and ensuring safe access to memory reporting functions. This makes the kernel more robust against potential dereferences of NULL pointers across various device scenarios.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1243e396148a65bb6c42a2b70fe43e50c16c494f

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 43aa61c18a3a45042b098b7a1186ffb29364002c

References

https://git.kernel.org/stable/c/e70113b741ba253886cd71dba...

https://git.kernel.org/stable/c/1243e396148a65bb6c42a2b70...

https://git.kernel.org/stable/c/43aa61c18a3a45042b098b7a1...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 6, 2025
Vulnerability Reserved
Apr 16, 2025

JSON