CVE-2025-40191

Linux Kernel - Use-After-Free in drm/amdkfd Userptr Unmapping

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix kfd process ref leaking when userptr unmapping kfd_lookup_process_by_pid hold the kfd process reference to ensure it doesn't get destroyed while sending the segfault event to user space. Calling kfd_lookup_process_by_pid as function parameter leaks the kfd process refcount and miss the NULL pointer check if app process is already destroyed.

Scores

EPSS 0.0017
EPSS Percentile 6.4%

Details

Status published
Products (7)
linux/Kernel 6.16.0 - 6.17.4linux
Linux/Linux < 6.16
Linux/Linux 2d274bf7099bc5e95fabaa93f23d0eb2977187ad - 58e6fc2fb94f0f409447e5d46cf6a417b6397fbc
Linux/Linux 2d274bf7099bc5e95fabaa93f23d0eb2977187ad - 60f6112fc9b3ba0eae519f10702c0c13bab45742
Linux/Linux 6.16
Linux/Linux 6.17.4 - 6.17.*
Linux/Linux 6.18
Published Nov 12, 2025
Tracked Since Feb 18, 2026