ghsa-fq6q-p88p-jgr2
Vulnerability from github
Published
2025-05-09 09:33
Modified
2025-05-09 09:33
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amdkfd: Fix mode1 reset crash issue

If HW scheduler hangs and mode1 reset is used to recover GPU, KFD signal user space to abort the processes. After process abort exit, user queues still use the GPU to access system memory before h/w is reset while KFD cleanup worker free system memory and free VRAM.

There is use-after-free race bug that KFD allocate and reuse the freed system memory, and user queue write to the same system memory to corrupt the data structure and cause driver crash.

To fix this race, KFD cleanup worker terminate user queues, then flush reset_domain wq to wait for any GPU ongoing reset complete, and then free outstanding BOs.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2025-37854"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-09T07:16:06Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix mode1 reset crash issue\n\nIf HW scheduler hangs and mode1 reset is used to recover GPU, KFD signal\nuser space to abort the processes. After process abort exit, user queues\nstill use the GPU to access system memory before h/w is reset while KFD\ncleanup worker free system memory and free VRAM.\n\nThere is use-after-free race bug that KFD allocate and reuse the freed\nsystem memory, and user queue write to the same system memory to corrupt\nthe data structure and cause driver crash.\n\nTo fix this race, KFD cleanup worker terminate user queues, then flush\nreset_domain wq to wait for any GPU ongoing reset complete, and then\nfree outstanding BOs.",
  "id": "GHSA-fq6q-p88p-jgr2",
  "modified": "2025-05-09T09:33:19Z",
  "published": "2025-05-09T09:33:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37854"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/57c9dabda80ac167de8cd71231baae37cc2f442d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6f30a847432cae84c7428e9b684b3e3fa49b2391"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/89af6b39f028c130d4362f57042927f005423e6a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9c4bcdf4068aae3e17e31c144300be405cfa03ff"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f0b4440cdc1807bb6ec3dce0d6de81170803569b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ffd37d7d44d7e0b6e769d4fe6590e327f8cc3951"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.