NULL Pointer Dereference in VRAM Logic for AMD APU Devices
CVE-2025-40288

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
6 December 2025

What is CVE-2025-40288?

A vulnerability exists in the Linux kernel affecting AMD APU devices due to a NULL pointer dereference in the VRAM management logic. Specifically, uninitialized VRAM managers cause the ttm_resource_manager_usage() function to access a NULL pointer, leading to system instability. The vulnerability is particularly prevalent in APU platforms, where the device backing pointer remains uninitialized due to the absence of dedicated VRAM. Enhanced checks have been implemented to prevent this occurrence, including skipping VRAM-specific logic for uninitialized managers and ensuring safe access to memory reporting functions. This makes the kernel more robust against potential dereferences of NULL pointers across various device scenarios.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux d38ceaf99ed015f2a0b9af3499791bd3a3daae21

Linux d38ceaf99ed015f2a0b9af3499791bd3a3daae21 < 1243e396148a65bb6c42a2b70fe43e50c16c494f

Linux d38ceaf99ed015f2a0b9af3499791bd3a3daae21 < 43aa61c18a3a45042b098b7a1186ffb29364002c

References

https://git.kernel.org/stable/c/e70113b741ba253886cd71dba...
https://git.kernel.org/stable/c/1243e396148a65bb6c42a2b70...
https://git.kernel.org/stable/c/43aa61c18a3a45042b098b7a1...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.