Analysis pending: CVE-2025-71294

CVE-2025-71294: Null Pointer Dereference in AMD GPU Driver

Platform: linux
Component: amdgpu
Fixed in: 276028fd9b60bbcc68796d1124b6b58298f4ca8a

CVE-2025-71294 describes a Null Pointer Dereference vulnerability discovered in the AMD GPU Driver for Linux. This flaw arises when the SDMA block is not enabled, preventing proper initialization of buffer functions, potentially leading to system instability. The vulnerability affects versions of the driver prior to 276028fd9b60bbcc68796d1124b6b58298f4ca8a, and a fix is available in that version.

Impact and Attack Scenarios

Successful exploitation of this Null Pointer Dereference vulnerability could allow an attacker to trigger a denial-of-service (DoS) condition, causing the system to crash or become unresponsive. The attacker could potentially gain control of the affected system, although this is less likely given the nature of the vulnerability. The impact is primarily related to system stability and availability, rather than direct data compromise. While not directly exploitable for remote code execution, a crash could be leveraged in conjunction with other vulnerabilities to escalate privileges or gain further access. The severity stems from the potential for system downtime and the difficulty in recovering from a crash.

Exploitation Context

The vulnerability was published on 2026-05-06. Exploitation context is currently limited; there are no publicly available proof-of-concept (PoC) exploits. The vulnerability is not listed in the CISA KEV (Known Exploited Vulnerabilities) catalog as of this writing. The EPSS (Exploit Prediction Scoring System) score is pending evaluation, indicating an uncertain probability of exploitation. Monitor security advisories and threat intelligence feeds for any updates on exploitation activity.

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
EPSS: 0.02% (percentile: 7%)

Affected Software

Component: amdgpu
Vendor: Linux
Maximum version: 276028fd9b60bbcc68796d1124b6b58298f4ca8a
Fixed in: 276028fd9b60bbcc68796d1124b6b58298f4ca8a

Timeline

  1. Published
  2. Modified
  3. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2025-71294 is to upgrade the AMD GPU Driver to version 276028fd9b60bbcc68796d1124b6b58298f4ca8a or later. If an immediate upgrade is not possible due to compatibility issues or system downtime concerns, consider temporarily disabling the SDMA block if it is not essential for your workload. This workaround reduces the likelihood of the vulnerability being triggered. Monitor system logs for any crashes or errors related to the AMD GPU driver, which could indicate exploitation attempts. After upgrading, confirm the fix by running a stress test on the GPU to ensure stability.
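The log monitoring recommended above can be automated. The following is an added example, not code from this advisory or from the amdgpu project: it groups kernel oops records and reports NULL pointer dereferences whose RIP or call-trace frames lie in a given module (it works for any module, not only amdgpu). The sample log and all symbol names in it are constructed placeholders.

```python
import re

# Constructed sample kernel log (not from a real system). The symbol names
# amdgpu_example_* and ext4_example_* are hypothetical placeholders.
SAMPLE_LOG = """\
[   12.345678] BUG: kernel NULL pointer dereference, address: 0000000000000000
[   12.345701] RIP: 0010:0x0
[   12.345712] Call Trace:
[   12.345720]  amdgpu_example_init+0x4c/0x120 [amdgpu]
[   12.345731]  amdgpu_example_probe+0x1a0/0x3f0 [amdgpu]
[   12.345750] Modules linked in: amdgpu ext4
[   12.345760] ---[ end trace 0000000000000000 ]---
[   98.000001] BUG: kernel NULL pointer dereference, address: 0000000000000010
[   98.000010] RIP: 0010:ext4_example_fn+0x22/0x90 [ext4]
[   98.000020] Call Trace:
[   98.000030]  ext4_example_caller+0x10/0x40 [ext4]
[   98.000040] Modules linked in: amdgpu ext4
[   98.000050] ---[ end trace 0000000000000000 ]---
"""

START = re.compile(r"BUG: kernel NULL pointer dereference, address: ([0-9a-f]+)")
END = re.compile(r"---\[ end trace")
# "symbol+0xoff/0xsize [module]" appears on the RIP line and in call-trace frames.
# "Modules linked in:" never matches, so a merely loaded module is not blamed.
FRAME = re.compile(r"([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+ \[(\w+)\]")

def find_module_oopses(log_text, module="amdgpu"):
    """Return one record per NULL-dereference oops that has frames in `module`."""
    hits, current = [], None
    for line in log_text.splitlines() + [None]:   # None = end-of-log sentinel
        start = START.search(line) if line is not None else None
        ended = line is None or start or END.search(line)
        if current is not None and ended:
            # Close the record; also covers logs truncated before "end trace".
            if current["frames"]:
                hits.append(current)
            current = None
        if start:
            current = {"address": start.group(1), "frames": []}
        elif current is not None:
            # A call through a NULL function pointer leaves RIP at 0x0, so the
            # module is identified from the call-trace frames instead.
            frame = FRAME.search(line)
            if frame and frame.group(2) == module:
                current["frames"].append(frame.group(1))
    return hits
```

On a live system the input would be the output of `dmesg` or `journalctl -k` rather than `SAMPLE_LOG`.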

How to Fix

Update the Linux kernel to version 6.7 or later, or to a later release within the 6.12, 6.18 or 6.19 branches that contains the fix. This update resolves a null pointer issue in the buffer-handling functions when the SDMA block is not enabled, preventing possible system crashes.

Frequently Asked Questions

What is CVE-2025-71294 — Null Pointer Dereference in AMD GPU Driver?

CVE-2025-71294 is a vulnerability in the AMD GPU Driver for Linux where a Null Pointer Dereference can occur if the SDMA block is not enabled, potentially leading to system instability or denial of service.

Am I affected by CVE-2025-71294 in AMD GPU Driver?

You are affected if you are running the AMD GPU Driver for Linux on a system with a version prior to 276028fd9b60bbcc68796d1124b6b58298f4ca8a. Check your driver version to determine if you are vulnerable.

How do I fix CVE-2025-71294 in AMD GPU Driver?

Upgrade the AMD GPU Driver to version 276028fd9b60bbcc68796d1124b6b58298f4ca8a or later. As a temporary workaround, disable the SDMA block if it is not essential.

Is CVE-2025-71294 being actively exploited?

As of the current assessment, CVE-2025-71294 is not known to be actively exploited, but monitoring for exploitation attempts is recommended.

Where can I find the official AMD advisory for CVE-2025-71294?

Refer to the AMD security advisories page for the latest information and official guidance regarding CVE-2025-71294.
