Analyse en attenteCVE-2025-71294

CVE-2025-71294: Null Pointer Dereference in AMD GPU Driver

Plateforme

linux

Composant

amdgpu

Corrigé dans

276028fd9b60bbcc68796d1124b6b58298f4ca8a

Voir sur NVD

Sauvegarder

CVE-2025-71294 describes a Null Pointer Dereference vulnerability discovered in the AMD GPU Driver for Linux. This flaw arises when the SDMA block is not enabled, preventing proper initialization of buffer functions, potentially leading to system instability. The vulnerability affects versions of the driver prior to 276028fd9b60bbcc68796d1124b6b58298f4ca8a, and a fix is available in that version.

Impact et Scénarios d'Attaquetraduction en cours…

A successful exploitation of this Null Pointer Dereference vulnerability could allow an attacker to trigger a denial-of-service (DoS) condition, causing the system to crash or become unresponsive. The attacker could potentially gain control of the affected system, although this is less likely given the nature of the vulnerability. The impact is primarily related to system stability and availability, rather than direct data compromise. While not directly exploitable for remote code execution, a crash could be leveraged in conjunction with other vulnerabilities to escalate privileges or gain further access. The severity stems from the potential for system downtime and the difficulty in recovering from a crash.

Contexte d'Exploitationtraduction en cours…

The vulnerability was published on 2026-05-06. Exploitation context is currently limited; there are no publicly available proof-of-concept (POC) exploits. The vulnerability is not listed on KEV (Kernel Exploitability Vulnerability) as of this writing. The EPSS (Exploit Prediction Scoring System) score is pending evaluation, indicating an uncertain probability of exploitation. Monitor security advisories and threat intelligence feeds for any updates on exploitation activity.

Renseignement sur les Menaces

Statut de l'Exploit

Preuve de ConceptInconnu

CISA KEVNO

EPSS

0.02% (percentile 7%)

Logiciel Affecté

Composantamdgpu

FournisseurLinux

Version maximale276028fd9b60bbcc68796d1124b6b58298f4ca8a

Corrigé dans276028fd9b60bbcc68796d1124b6b58298f4ca8a

Chronologie

Publiée2026-05-06
Modifiée2026-05-11
EPSS mis à jour2026-05-13

Mitigation et Contournementstraduction en cours…

The primary mitigation for CVE-2025-71294 is to upgrade the AMD GPU Driver to version 276028fd9b60bbcc68796d1124b6b58298f4ca8a or later. If an immediate upgrade is not possible due to compatibility issues or system downtime concerns, consider temporarily disabling the SDMA block if it is not essential for your workload. This workaround reduces the likelihood of the vulnerability being triggered. Monitor system logs for any crashes or errors related to the AMD GPU driver, which could indicate exploitation attempts. After upgrading, confirm the fix by running a stress test on the GPU to ensure stability.

Comment corrigertraduction en cours…

Actualizar el kernel de Linux a la versión 6.7 o superior, o a una versión posterior dentro de las ramas 6.12, 6.18 o 6.19 que contengan la corrección.  Esta actualización soluciona un problema de puntero nulo en las funciones de manejo de búferes cuando el bloque SDMA no está habilitado, previniendo posibles fallos del sistema.

Questions fréquentestraduction en cours…

What is CVE-2025-71294 — Null Pointer Dereference in AMD GPU Driver?

CVE-2025-71294 is a vulnerability in the AMD GPU Driver for Linux where a Null Pointer Dereference can occur if the SDMA block is not enabled, potentially leading to system instability or denial of service.

Am I affected by CVE-2025-71294 in AMD GPU Driver?

You are affected if you are running the AMD GPU Driver for Linux on a system with a version prior to 276028fd9b60bbcc68796d1124b6b58298f4ca8a. Check your driver version to determine if you are vulnerable.

How do I fix CVE-2025-71294 in AMD GPU Driver?

Upgrade the AMD GPU Driver to version 276028fd9b60bbcc68796d1124b6b58298f4ca8a or later. As a temporary workaround, disable the SDMA block if it is not essential.

Is CVE-2025-71294 being actively exploited?

As of the current assessment, CVE-2025-71294 is not known to be actively exploited, but monitoring for exploitation attempts is recommended.

Where can I find the official AMD advisory for CVE-2025-71294?

Refer to the AMD security advisories page for the latest information and official guidance regarding CVE-2025-71294.

Ton projet est-il affecté ?

Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.

Scanner gratuitement Rechercher des CVE

en directfree scan

Essayez maintenant — sans compte

scanZone.subtitle

Scan manuelSlack/email alertsContinuous monitoringWhite-label reports

Glissez-déposez votre fichier de dépendances

composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...

Parcourir les fichiers