CVE-2025-40191
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-40191
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40191.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-40191
- Downstream
- Published
- 2025-11-12T21:56:31Z
- Modified
- 2025-11-13T03:10:34.593696Z
- Summary
- drm/amdkfd: Fix kfd process ref leaking when userptr unmapping
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: Fix kfd process ref leaking when userptr unmapping
kfdlookupprocessbypid hold the kfd process reference to ensure it doesn't get destroyed while sending the segfault event to user space.
Calling kfdlookupprocessbypid as function parameter leaks the kfd process refcount and miss the NULL pointer check if app process is already destroyed.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced2d274bf7099bc5e95fabaa93f23d0eb2977187adFixed60f6112fc9b3ba0eae519f10702c0c13bab45742
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced2d274bf7099bc5e95fabaa93f23d0eb2977187adFixed58e6fc2fb94f0f409447e5d46cf6a417b6397fbc
Affected versions
v6.*
v6.14
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.16
v6.16-rc1
v6.16-rc2
v6.16-rc3
v6.16-rc4
v6.16-rc5
v6.16-rc6
v6.16-rc7
v6.17
v6.17-rc1
v6.17-rc2
v6.17-rc3
v6.17-rc4
v6.17-rc5
v6.17-rc6
v6.17-rc7
v6.17.1
v6.17.2
v6.17.3
Database specific
vanir_signatures
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@58e6fc2fb94f0f409447e5d46cf6a417b6397fbc",
"signature_version": "v1",
"id": "CVE-2025-40191-273f191f",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"56434011708276967484295453067110493506",
"239325623944274255147804296161606547256",
"148712577500700021364530204382578735209",
"1788571672289631043362881607473772411",
"116707076569226569272181422596865532895",
"64894568579242859045967734687280498806",
"181297444854901823000974641078102728039",
"121703279704545106122758088115970669657"
]
},
"deprecated": false,
"target": {
"file": "drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@60f6112fc9b3ba0eae519f10702c0c13bab45742",
"signature_version": "v1",
"id": "CVE-2025-40191-70fceec5",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"56434011708276967484295453067110493506",
"239325623944274255147804296161606547256",
"148712577500700021364530204382578735209",
"1788571672289631043362881607473772411",
"116707076569226569272181422596865532895",
"64894568579242859045967734687280498806",
"181297444854901823000974641078102728039",
"121703279704545106122758088115970669657"
]
},
"deprecated": false,
"target": {
"file": "drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@58e6fc2fb94f0f409447e5d46cf6a417b6397fbc",
"signature_version": "v1",
"id": "CVE-2025-40191-aca9310b",
"signature_type": "Function",
"digest": {
"function_hash": "156179879012380119503419194787681064833",
"length": 1608.0
},
"deprecated": false,
"target": {
"file": "drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c",
"function": "update_invalid_user_pages"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@60f6112fc9b3ba0eae519f10702c0c13bab45742",
"signature_version": "v1",
"id": "CVE-2025-40191-c6b65fad",
"signature_type": "Function",
"digest": {
"function_hash": "158727539859540984048187041878609086299",
"length": 1589.0
},
"deprecated": false,
"target": {
"file": "drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c",
"function": "update_invalid_user_pages"
}
}
]