CVE-2025-40310
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 08/12/2025
Last modified: 08/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw

There is a race in amdgpu_amdkfd_device_fini_sw and interrupt,
if amdgpu_amdkfd_device_fini_sw runs between kfd_cleanup_nodes and
kfree(kfd), and a KGD interrupt is generated.

kernel panic log:

BUG: kernel NULL pointer dereference, address: 0000000000000098
amdgpu 0000:c8:00.0: amdgpu: Requesting 4 partitions through PSP
PGD d78c68067 P4D d78c68067
kfd kfd: amdgpu: Allocated 3969056 bytes on gart
PUD 1465b8067 PMD @
Oops: @002 [#1] SMP NOPTI
kfd kfd: amdgpu: Total number of KFD nodes to be created: 4
CPU: 115 PID: @ Comm: swapper/115 Kdump: loaded Tainted: G S W OE K
RIP: 0010:_raw_spin_lock_irqsave+0x12/0x40
Code: 89 e@ 41 5c c3 cc cc cc cc 66 66 2e Of 1f 84 00 00 00 00 00 OF 1f 40 00 Of 1f 44% 00 00 41 54 9c 41 5c fa 31 cO ba 01 00 00 00 OF b1 17 75 Ba 4c 89 e@ 41 Sc
89 c6 e8 07 38 5d
RSP: 0018: ffffc90@1a6b0e28 EFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000018
0000000000000001 RSI: ffff8883bb623e00 RDI: 0000000000000098
ffff8883bb000000 RO8: ffff888100055020 ROO: ffff888100055020
0000000000000000 R11: 0000000000000000 R12: 0900000000000002
ffff888F2b97da0@ R14: @000000000000098 R15: ffff8883babdfo00
CS: 010 DS: 0000 ES: 0000 CRO: 0000000080050033
CR2: 0000000000000098 CR3: 0000000e7cae2006 CR4: 0000000002770ce0
0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
0000000000000000 DR6: 00000000fffeO7FO DR7: 0000000000000400
PKRU: 55555554
Call Trace:
kgd2kfd_interrupt+@x6b/0x1f@ [amdgpu]
? amdgpu_fence_process+0xa4/0x150 [amdgpu]
kfd kfd: amdgpu: Node: 0, interrupt_bitmap: 3 YcpxFl Rant tErace
amdgpu_irq_dispatch+0x165/0x210 [amdgpu]
amdgpu_ih_process+0x80/0x100 [amdgpu]
amdgpu: Virtual CRAT table created for GPU
amdgpu_irq_handler+0x1f/@x60 [amdgpu]
__handle_irq_event_percpu+0x3d/0x170
amdgpu: Topology: Add dGPU node [0x74a2:0x1002]
handle_irq_event+0x5a/@xcO
handle_edge_irq+0x93/0x240
kfd kfd: amdgpu: KFD node 1 partition @ size 49148M
asm_call_irq_on_stack+0xf/@x20
common_interrupt+0xb3/0x130
asm_common_interrupt+0x1le/0x40
5.10.134-010.a1i5000.a18.x86_64 #1



