CVE-2025-21842

The destructor of a gtt bo is declared as void amdgpuamdkfdfreegttmem(struct amdgpudevice *adev, void memobj); Which takes void as the second parameter.

GCC allows passing void* to the function because void* can be implicitly casted to any other types, so it can pass compiling.

However, passing this void* parameter into the function's execution process(which expects void* and dereferencing void*) will result in errors.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

fb91065851cd5f2735348c5f3eddeeca3d7c2973

Fixed

ae5ab1c1ae504f622cc1ff48830a9ed48428146d

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

fb91065851cd5f2735348c5f3eddeeca3d7c2973

Fixed

091a68c58c1bbd2ab7d05d1b32c1306394ec691d

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

fb91065851cd5f2735348c5f3eddeeca3d7c2973

Fixed

a33f7f9660705fb2ecf3467b2c48965564f392ce

Affected versions

v6.*

v6.10

v6.10-rc7

v6.11

v6.11-rc1

v6.11-rc2

v6.11-rc3

v6.11-rc4

v6.11-rc5

v6.11-rc6

v6.11-rc7

v6.12

v6.12-rc1

v6.12-rc2

v6.12-rc3

v6.12-rc4

v6.12-rc5

v6.12-rc6

v6.12-rc7

v6.12.1

v6.12.10

v6.12.11

v6.12.12

v6.12.13

v6.12.14

v6.12.15

v6.12.2

v6.12.3

v6.12.4

v6.12.5

v6.12.6

v6.12.7

v6.12.8

v6.12.9

v6.13

v6.13-rc1

v6.13-rc2

v6.13-rc3

v6.13-rc4

v6.13-rc5

v6.13-rc6

v6.13-rc7

v6.13.1

v6.13.2

v6.13.3

v6.14-rc1

Database specific

vanir_signatures

[
    {
        "id": "CVE-2025-21842-2f6d5e30",
        "signature_version": "v1",
        "digest": {
            "function_hash": "239424150989992999501389479870608771905",
            "length": 1437.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@091a68c58c1bbd2ab7d05d1b32c1306394ec691d",
        "target": {
            "file": "drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c",
            "function": "init_user_queue"
        }
    },
    {
        "id": "CVE-2025-21842-4a64de53",
        "signature_version": "v1",
        "digest": {
            "function_hash": "34867582122560091356344227693284445120",
            "length": 1453.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ae5ab1c1ae504f622cc1ff48830a9ed48428146d",
        "target": {
            "file": "drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c",
            "function": "init_user_queue"
        }
    },
    {
        "id": "CVE-2025-21842-b3f0c19b",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "235461863539080446552472675123262260091",
                "239946273514682999177713885685850513339",
                "274107748142004844166479148596558446803",
                "198069782179060931851184792739383242349"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ae5ab1c1ae504f622cc1ff48830a9ed48428146d",
        "target": {
            "file": "drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c"
        }
    },
    {
        "id": "CVE-2025-21842-b7cfb028",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "235461863539080446552472675123262260091",
                "239946273514682999177713885685850513339",
                "274107748142004844166479148596558446803",
                "198069782179060931851184792739383242349"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@091a68c58c1bbd2ab7d05d1b32c1306394ec691d",
        "target": {
            "file": "drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c"
        }
    },
    {
        "id": "CVE-2025-21842-ba4c080a",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "235461863539080446552472675123262260091",
                "239946273514682999177713885685850513339",
                "274107748142004844166479148596558446803",
                "198069782179060931851184792739383242349"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a33f7f9660705fb2ecf3467b2c48965564f392ce",
        "target": {
            "file": "drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c"
        }
    },
    {
        "id": "CVE-2025-21842-eab56d2a",
        "signature_version": "v1",
        "digest": {
            "function_hash": "239424150989992999501389479870608771905",
            "length": 1437.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a33f7f9660705fb2ecf3467b2c48965564f392ce",
        "target": {
            "file": "drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c",
            "function": "init_user_queue"
        }
    }
]

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.12.0

Fixed

6.12.16

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.13.4