CVE-2025-71293: NULL Pointer in AMD GPU Driver
Plattform
linux
Komponente
amdgpu
Behoben in
bd68a1404b6fa2e7e9957b38ba22616faba43e75
CVE-2025-71293 addresses a critical NULL pointer dereference vulnerability within the AMD GPU driver for the Linux kernel. This flaw occurs when the eeprom contains only invalid address entries, leading to a skipped allocation and subsequent crash. The vulnerability is resolved in kernel version bd68a1404b6fa2e7e9957b38ba22616faba43e75.
Auswirkungen und Angriffsszenarien
The vulnerability stems from a failure in the AMD GPU driver's handling of invalid eeprom data. Specifically, if the eeprom contains only invalid address entries, the allocation process is skipped. This skipped allocation leads to a subsequent attempt to dereference a NULL pointer, triggering a kernel panic and system crash. The impact is severe, as it can result in a complete system outage. The error message indicates a 'NULL pointer dereference' and a 'not-present page' fault, confirming the root cause. This vulnerability affects systems relying on the AMD GPU driver for graphics processing and display functionality.
Ausnutzungskontext
CVE-2025-71293 was identified through kernel debugging and analysis. The exploitation probability is considered low to medium, as it requires specific eeprom configurations. Public proof-of-concept (POC) code is not currently available. The vulnerability's severity is pending full evaluation. Published on 2026-05-06.
Bedrohungsanalyse
Exploit-Status
EPSS
0.02% (6% Perzentil)
Betroffene Software
Zeitleiste
- Veröffentlicht
- Geändert
- EPSS aktualisiert
Mitigation und Workarounds
The primary mitigation for CVE-2025-71293 is to upgrade to the fixed kernel version, bd68a1404b6fa2e7e9957b38ba22616faba43e75. Before upgrading, ensure that your system has sufficient resources and that the upgrade process is compatible with your hardware and software configuration. While a rollback is possible, it's generally not recommended unless the upgrade introduces other critical issues. There are no specific WAF or proxy rules applicable to this vulnerability as it resides within the kernel. Monitor system logs for any related errors or crashes. After upgrading, confirm the fix by running graphics-intensive applications and verifying system stability.
So behebenwird übersetzt…
Actualizar el kernel de Linux a la versión 6.8.1 o superior para mitigar el problema. La vulnerabilidad se produce debido a una condición de carrera en la asignación de datos RAS, que puede provocar una desreferenciación de puntero nulo. La actualización corrige este problema moviendo la asignación de datos antes de la verificación de páginas defectuosas.
Häufig gestellte Fragen
Was ist CVE-2025-71293 — Null Pointer Dereference in AMD GPU Driver?
It's a vulnerability in the AMD GPU driver for Linux that can cause a NULL pointer dereference and system crash.
Bin ich von CVE-2025-71293 in AMD GPU Driver betroffen?
If you are running a Linux kernel version less than or equal to bd68a1404b6fa2e7e9957b38ba22616faba43e75 and use the AMD GPU driver, you are potentially affected.
Wie behebe ich CVE-2025-71293 in AMD GPU Driver?
Upgrade your Linux kernel to version bd68a1404b6fa2e7e9957b38ba22616faba43e75. Back up your system before upgrading.
Wird CVE-2025-71293 aktiv ausgenutzt?
Currently, there are no publicly known exploits.
Wo finde ich den offiziellen AMD GPU Driver-Hinweis für CVE-2025-71293?
Refer to the Linux kernel security mailing list and relevant security advisories for updates and further information.
Ist dein Projekt betroffen?
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Jetzt testen — kein Konto
Laden Sie ein Manifest hoch (composer.lock, package-lock.json, WordPress Plugin-Liste…) oder fügen Sie Ihre Komponentenliste ein. Sie erhalten sofort einen Schwachstellenbericht. Das Hochladen einer Datei ist nur der Anfang: Mit einem Konto erhalten Sie kontinuierliche Überwachung, Slack/email-Benachrichtigungen, Multi-Projekt- und White-Label-Berichte.
Abhängigkeitsdatei hier ablegen
composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...