CVE-2025-38598
- Source
- https://cve.org/CVERecord?id=CVE-2025-38598
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38598.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-38598
- Downstream
- Published
- 2025-08-19T17:03:33.308Z
- Modified
- 2026-04-02T12:48:02.782534Z
- Summary
- drm/amdgpu: fix use-after-free in amdgpu_userq_suspend+0x51a/0x5a0
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix use-after-free in amdgpuuserqsuspend+0x51a/0x5a0
[ +0.000020] BUG: KASAN: slab-use-after-free in amdgpuuserqsuspend+0x51a/0x5a0 [amdgpu] [ +0.000817] Read of size 8 at addr ffff88812eec8c58 by task amdpciunplug/1733
[ +0.000027] CPU: 10 UID: 0 PID: 1733 Comm: amdpciunplug Tainted: G W 6.14.0+ #2 [ +0.000009] Tainted: [W]=WARN [ +0.000003] Hardware name: ASUS System Product Name/ROG STRIX B550-F GAMING (WI-FI), BIOS 1401 12/03/2020 [ +0.000004] Call Trace: [ +0.000004] <TASK> [ +0.000003] dumpstacklvl+0x76/0xa0 [ +0.000011] printreport+0xce/0x600 [ +0.000009] ? srsoreturnthunk+0x5/0x5f [ +0.000006] ? kasancompletemodereportinfo+0x76/0x200 [ +0.000007] ? kasanaddrtoslab+0xd/0xb0 [ +0.000006] ? amdgpuuserqsuspend+0x51a/0x5a0 [amdgpu] [ +0.000707] kasanreport+0xbe/0x110 [ +0.000006] ? amdgpuuserq_suspend+0x51a/0x5a0 [amdgpu] [ +0.000541] __asanreportload8noabort+0x14/0x30 [ +0.000005] amdgpuuserqsuspend+0x51a/0x5a0 [amdgpu] [ +0.000535] ? stopcpsch+0x396/0x600 [amdgpu] [ +0.000556] ? stop_cpsch+0x429/0x600 [amdgpu] [ +0.000536] ? __pfxamdgpuuserqsuspend+0x10/0x10 [amdgpu] [ +0.000536] ? srsoreturnthunk+0x5/0x5f [ +0.000004] ? kgd2kfdsuspend+0x132/0x1d0 [amdgpu] [ +0.000542] amdgpudevicefinihw+0x581/0xe90 [amdgpu] [ +0.000485] ? downwrite+0xbb/0x140 [ +0.000007] ? __mutexunlockslowpath.constprop.0+0x317/0x360 [ +0.000005] ? __pfxamdgpudevicefinihw+0x10/0x10 [amdgpu] [ +0.000482] ? __kasancheckwrite+0x14/0x30 [ +0.000004] ? srso_returnthunk+0x5/0x5f [ +0.000004] ? upwrite+0x55/0xb0 [ +0.000007] ? srsoreturnthunk+0x5/0x5f [ +0.000005] ? blockingnotifierchainunregister+0x6c/0xc0 [ +0.000008] amdgpudriverunloadkms+0x69/0x90 [amdgpu] [ +0.000484] amdgpupciremove+0x93/0x130 [amdgpu] [ +0.000482] pcideviceremove+0xae/0x1e0 [ +0.000008] deviceremove+0xc7/0x180 [ +0.000008] devicereleasedriverinternal+0x3d4/0x5a0 [ +0.000007] devicereleasedriver+0x12/0x20 [ +0.000004] pcistopbusdevice+0x104/0x150 [ +0.000006] pcistopandremovebusdevicelocked+0x1b/0x40 [ +0.000005] removestore+0xd7/0xf0 [ +0.000005] ? __pfxremovestore+0x10/0x10 [ +0.000006] ? pfxcopyfromiter+0x10/0x10 [ +0.000006] ? __pfxdevattrstore+0x10/0x10 [ +0.000006] devattrstore+0x3f/0x80 [ +0.000006] sysfskfwrite+0x125/0x1d0 [ +0.000004] ? srsoreturn_thunk+0x5/0x5f [ +0.000005] ? __kasancheckwrite+0x14/0x30 [ +0.000005] kernfsfopwriteiter+0x2ea/0x490 [ +0.000005] ? rwverify_area+0x70/0x420 [ +0.000005] ? __pfxkernfsfopwriteiter+0x10/0x10 [ +0.000006] vfswrite+0x90d/0xe70 [ +0.000005] ? srsoreturn_thunk+0x5/0x5f [ +0.000005] ? __pfxvfswrite+0x10/0x10 [ +0.000004] ? localclock+0x15/0x30 [ +0.000008] ? srsoreturn_thunk+0x5/0x5f [ +0.000004] ? __kasanslabfree+0x5f/0x80 [ +0.000005] ? srsoreturnthunk+0x5/0x5f [ +0.000004] ? __kasancheckread+0x11/0x20 [ +0.000004] ? srsoreturnthunk+0x5/0x5f [ +0.000004] ? fdgetpos+0x1d3/0x500 [ +0.000007] ksyswrite+0x119/0x220 [ +0.000005] ? putname+0x1c/0x30 [ +0.000006] ? __pfxksyswrite+0x10/0x10 [ +0.000007] __x64syswrite+0x72/0xc0 [ +0.000006] x64syscall+0x18ab/0x26f0 [ +0.000006] do_syscall64+0x7c/0x170 [ +0.000004] ? srsoreturnthunk+0x5/0x5f [ +0.000004] ? pfxx64sysopenat+0x10/0x10 [ +0.000006] ? srsoreturnthunk+0x5/0x5f [ +0.000004] ? __kasancheckread+0x11/0x20 [ +0.000003] ? srsoreturnthunk+0x5/0x5f [ +0.000004] ? fpregsassertstateconsistent+0x21/0xb0 [ +0.000006] ? srsoreturnthunk+0x5/0x5f [ +0.000004] ? syscallexittousermode+0x4e/0x240 [ +0.000005] ? srsoreturnthunk+0x5/0x5f [ +0.000004] ? dosyscall64+0x88/0x170 [ +0.000003] ? srsoreturnthunk+0x5/0x5f [ +0.000004] ? irqentryexit+0x43/0x50 [ +0.000004] ? srsoreturnthunk+0x5 ---truncated---
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38598.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/96f663ae897b3e6ac17ced1d9b9c2ae9f165ad9a
- https://git.kernel.org/stable/c/a886d26f2c8f9e3f3c1869ae368d09c75daac553
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38598.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-38598
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git