CVE-2025-40288
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
06/12/2025
Last modified:
06/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices

Previously, APU platforms (and other scenarios with uninitialized VRAM managers)
triggered a NULL pointer dereference in `ttm_resource_manager_usage()`. The root
cause is not that the `struct ttm_resource_manager *man` pointer itself is NULL,
but that `man->bdev` (the backing device pointer within the manager) remains
uninitialized (NULL) on APUs—since APUs lack dedicated VRAM and do not fully
set up VRAM manager structures. When `ttm_resource_manager_usage()` attempts to
acquire `man->bdev->lru_lock`, it dereferences the NULL `man->bdev`, leading to
a kernel OOPS.

1. **amdgpu_cs.c**: Extend the existing bandwidth control check in
`amdgpu_cs_get_threshold_for_moves()` to include a check for
`ttm_resource_manager_used()`. If the manager is not used (uninitialized
`bdev`), return 0 for migration thresholds immediately—skipping VRAM-specific
logic that would trigger the NULL dereference.

2. **amdgpu_kms.c**: Update the `AMDGPU_INFO_VRAM_USAGE` ioctl and memory info
reporting to use a conditional: if the manager is used, return the real VRAM
usage; otherwise, return 0. This avoids accessing `man->bdev` when it is
NULL.

3. **amdgpu_virt.c**: Modify the vf2pf (virtual function to physical function)
data write path. Use `ttm_resource_manager_used()` to check validity: if the
manager is usable, calculate `fb_usage` from VRAM usage; otherwise, set
`fb_usage` to 0 (APUs have no discrete framebuffer to report).

This approach is more robust than APU-specific checks because it:
- Works for all scenarios where the VRAM manager is uninitialized (not just APUs),
- Aligns with TTM's design by using its native helper function,
- Preserves correct behavior for discrete GPUs (which have fully initialized
`man->bdev` and pass the `ttm_resource_manager_used()` check).

v4: use ttm_resource_manager_used(&adev->mman.vram_mgr.manager) instead of checking the adev->gmc.is_app_apu flag (Christian)
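The following is an added userspace model of the bug class described in the commit message above; it is not kernel code and not part of the amdgpu fix. It assumes minimal stand-in structures (`struct ttm_device`, `struct ttm_resource_manager` with a `use_type` flag, a `bdev` pointer and a `usage` counter) and stand-in helpers (`model_manager_used()`, `model_manager_usage()`); only the field names `bdev` and `lru_lock` and the guard pattern come from the commit message. The model shows why a plain `man != NULL` check cannot catch this bug (the manager is embedded in the device and is never NULL, only its `bdev` is) and how gating on the "manager used" state avoids reaching the dereference:

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not kernel code: minimal stand-ins for the TTM structures.
 * Field names bdev and lru_lock follow the commit message; the rest is an
 * assumption made for this model. */
struct ttm_device {
    int lru_lock;                   /* stands in for the real spinlock */
};

struct ttm_resource_manager {
    bool use_type;                  /* true once the manager is initialised */
    struct ttm_device *bdev;        /* NULL on APUs in the modelled scenario */
    uint64_t usage;                 /* bytes currently allocated */
};

/* Counts how many times the modelled crash point was reached. */
static int model_oops_count = 0;

/* Stand-in for ttm_resource_manager_used(): usable only once initialised. */
static bool model_manager_used(const struct ttm_resource_manager *man)
{
    return man->use_type;
}

/* Stand-in for ttm_resource_manager_usage(): the real helper takes
 * man->bdev->lru_lock first. With bdev == NULL the kernel would OOPS here;
 * the model records the event and returns 0 instead of crashing. */
static uint64_t model_manager_usage(const struct ttm_resource_manager *man)
{
    if (man->bdev == NULL) {
        model_oops_count++;
        return 0;
    }
    /* lock(&man->bdev->lru_lock); ... unlock(); */
    return man->usage;
}

/* Pre-fix pattern: guarding on `man != NULL` does not help, because the
 * manager struct is embedded in the device and is never NULL. */
static uint64_t vram_usage_unpatched(const struct ttm_resource_manager *man)
{
    if (man == NULL)
        return 0;
    return model_manager_usage(man);
}

/* Post-fix pattern (amdgpu_kms.c / amdgpu_virt.c): real usage only when the
 * manager is used, otherwise 0, so man->bdev is never touched on APUs. */
static uint64_t vram_usage_patched(const struct ttm_resource_manager *man)
{
    return model_manager_used(man) ? model_manager_usage(man) : 0;
}

/* Post-fix pattern (amdgpu_cs.c): skip the VRAM-specific threshold logic
 * entirely when the manager is not used. The formula below is a placeholder
 * for this model, not the real amdgpu computation. */
static uint64_t migration_threshold_patched(const struct ttm_resource_manager *man,
                                            uint64_t vram_size)
{
    if (!model_manager_used(man))
        return 0;
    uint64_t used = model_manager_usage(man);
    return vram_size > used ? (vram_size - used) / 2 : 0;
}

/* Constructed fixtures: an APU-style manager whose bdev was never set, and a
 * discrete-GPU-style manager backed by a device with 1024 bytes in use. */
static struct ttm_device model_dgpu_dev;
static struct ttm_resource_manager model_apu_mgr  = { false, NULL, 0 };
static struct ttm_resource_manager model_dgpu_mgr = { true, &model_dgpu_dev, 1024 };

int main(void)
{
    printf("APU patched usage:   %llu (oops count %d)\n",
           (unsigned long long)vram_usage_patched(&model_apu_mgr), model_oops_count);
    printf("dGPU patched usage:  %llu\n",
           (unsigned long long)vram_usage_patched(&model_dgpu_mgr));
    printf("APU unpatched usage: %llu (oops count %d)\n",
           (unsigned long long)vram_usage_unpatched(&model_apu_mgr), model_oops_count);
    return 0;
}
```

The patched paths leave `model_oops_count` at zero for the APU fixture while still reporting real numbers for the discrete-GPU fixture; the unpatched path reaches the modelled crash point exactly once, which is the behaviour the commit message describes for `ttm_resource_manager_usage()` on APUs.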
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/070bdce18fb12a49eb9c421e57df17d2ad29bf5f
- https://git.kernel.org/stable/c/1243e396148a65bb6c42a2b70fe43e50c16c494f
- https://git.kernel.org/stable/c/43aa61c18a3a45042b098b7a1186ffb29364002c
- https://git.kernel.org/stable/c/883f309add55060233bf11c1ea6947140372920f
- https://git.kernel.org/stable/c/e70113b741ba253886cd71dbadfe3ea444bb2f5c