Linux Kernel Vulnerability in AMD GPU Driver
CVE-2025-40339

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-40339?

A vulnerability in the Linux kernel’s AMD GPU driver can lead to null pointer dereference issues during memory management. Specifically, if an amdgpu_bo_va is linked to fpriv->prt_va, it will consistently point to NULL. This mismanagement necessitates that such amdgpu_bo_va instances be updated distinctly prior to executing amdgpu_vm_handle_moved, or risk system instability. Security measures should be reviewed to mitigate potential attacks exploiting this flaw.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 47281febebe337586569aa4c5694a7511063a42e

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 273d1ea12e42e9babb9783837906f3c466f213d3

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 859958a7faefe5b7742b7b8cdbc170713d4bf158

References

https://git.kernel.org/stable/c/47281febebe337586569aa4c5...

https://git.kernel.org/stable/c/273d1ea12e42e9babb9783837...

https://git.kernel.org/stable/c/859958a7faefe5b7742b7b8cd...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Apr 16, 2025

JSON