Analysis pending: CVE-2025-71294

CVE-2025-71294: Null Pointer Dereference in AMD GPU Driver

Platform: linux

Component: amdgpu

Fixed in: 276028fd9b60bbcc68796d1124b6b58298f4ca8a

CVE-2025-71294 addresses a null pointer dereference vulnerability discovered within the AMD GPU Driver for Linux. This condition arises when the SDMA block is not enabled, leading to an uninitialized 'buffer_funcs' variable. Exploitation could result in system instability or denial of service. The vulnerability affects versions of the driver prior to 276028fd9b60bbcc68796d1124b6b58298f4ca8a and has been resolved in the specified fixed version.

Impact and Attack Scenarios

A null pointer dereference occurs when a program attempts to access memory through a pointer that is null, which typically leads to a crash or unexpected behavior. In this case, if the SDMA block is not enabled, the 'buffer_funcs' variable remains uninitialized. An attacker could potentially trigger this condition by manipulating the system's graphics configuration or by exploiting other vulnerabilities that influence the SDMA block's state. Successful exploitation could lead to a denial of service, preventing the system from rendering graphics or performing other GPU-related tasks. While direct code execution is less likely, the instability caused by the crash could be leveraged in conjunction with other vulnerabilities to achieve a more severe outcome.

Exploitation Context

The vulnerability was published on 2026-05-06. Exploitation context is currently limited, and no public proof-of-concept (POC) exploits are known. The vulnerability is not listed on KEV or EPSS, suggesting a low probability of active exploitation at this time. Monitor security advisories and vulnerability databases for any updates.

Threat Analysis

Exploit Status

Proof of Concept: Unknown
CISA KEV: No

EPSS

0.02% (7th percentile)

Affected Software

Component: amdgpu
Vendor: Linux
Maximum version: 276028fd9b60bbcc68796d1124b6b58298f4ca8a
Fixed in: 276028fd9b60bbcc68796d1124b6b58298f4ca8a

Timeline

  1. Published
  2. Modified
  3. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2025-71294 is to update the AMD GPU Driver to version 276028fd9b60bbcc68796d1124b6b58298f4ca8a or later. If an immediate upgrade is not possible due to compatibility issues, consider temporarily disabling the SDMA block functionality if it is not essential for your workload. Monitor system logs for any graphics-related errors that might indicate exploitation attempts. Implement robust input validation for any parameters related to graphics configuration to prevent malicious manipulation. After upgrade, confirm the fix by verifying the driver version and testing graphics functionality.

How to fix

Update the Linux kernel to version 6.7 or later, or to a later release within the 6.12, 6.18 or 6.19 branches that contains the fix. This update resolves a null pointer issue in the buffer handling functions when the SDMA block is not enabled, preventing possible system crashes.

Frequently Asked Questions

What is CVE-2025-71294 (Null Pointer Dereference in AMD GPU Driver)?

It's a null pointer dereference vulnerability in the AMD GPU Driver for Linux, potentially causing system instability.

Am I affected by CVE-2025-71294 in the AMD GPU Driver?

If you're using a version of the AMD GPU Driver for Linux prior to 276028fd9b60bbcc68796d1124b6b58298f4ca8a, you are potentially affected.

How do I fix CVE-2025-71294 in the AMD GPU Driver?

Update your AMD GPU Driver to version 276028fd9b60bbcc68796d1124b6b58298f4ca8a or later.

Is CVE-2025-71294 being actively exploited?

Currently, there are no known public exploits or active campaigns targeting this vulnerability.

Where can I find the official AMD GPU Driver advisory for CVE-2025-71294?

Refer to the AMD security advisories and the NVD entry for CVE-2025-71294 for further details.
