CVE-2025-71294: Null Pointer Dereference in AMD GPU Driver
平台
linux
组件
amdgpu
修复版本
276028fd9b60bbcc68796d1124b6b58298f4ca8a
CVE-2025-71294 describes a Null Pointer Dereference vulnerability discovered in the AMD GPU Driver for Linux. This flaw arises when the SDMA block is not enabled, preventing proper initialization of buffer functions, potentially leading to system instability. The vulnerability affects versions of the driver prior to 276028fd9b60bbcc68796d1124b6b58298f4ca8a, and a fix is available in that version.
影响与攻击场景翻译中…
A successful exploitation of this Null Pointer Dereference vulnerability could allow an attacker to trigger a denial-of-service (DoS) condition, causing the system to crash or become unresponsive. The attacker could potentially gain control of the affected system, although this is less likely given the nature of the vulnerability. The impact is primarily related to system stability and availability, rather than direct data compromise. While not directly exploitable for remote code execution, a crash could be leveraged in conjunction with other vulnerabilities to escalate privileges or gain further access. The severity stems from the potential for system downtime and the difficulty in recovering from a crash.
利用背景翻译中…
The vulnerability was published on 2026-05-06. Exploitation context is currently limited; there are no publicly available proof-of-concept (POC) exploits. The vulnerability is not listed on KEV (Kernel Exploitability Vulnerability) as of this writing. The EPSS (Exploit Prediction Scoring System) score is pending evaluation, indicating an uncertain probability of exploitation. Monitor security advisories and threat intelligence feeds for any updates on exploitation activity.
威胁情报
漏洞利用状态
EPSS
0.02% (7% 百分位)
受影响的软件
时间线
- 发布日期
- 修改日期
- EPSS 更新日期
缓解措施和替代方案翻译中…
The primary mitigation for CVE-2025-71294 is to upgrade the AMD GPU Driver to version 276028fd9b60bbcc68796d1124b6b58298f4ca8a or later. If an immediate upgrade is not possible due to compatibility issues or system downtime concerns, consider temporarily disabling the SDMA block if it is not essential for your workload. This workaround reduces the likelihood of the vulnerability being triggered. Monitor system logs for any crashes or errors related to the AMD GPU driver, which could indicate exploitation attempts. After upgrading, confirm the fix by running a stress test on the GPU to ensure stability.
修复方法翻译中…
Actualizar el kernel de Linux a la versión 6.7 o superior, o a una versión posterior dentro de las ramas 6.12, 6.18 o 6.19 que contengan la corrección. Esta actualización soluciona un problema de puntero nulo en las funciones de manejo de búferes cuando el bloque SDMA no está habilitado, previniendo posibles fallos del sistema.
常见问题翻译中…
What is CVE-2025-71294 — Null Pointer Dereference in AMD GPU Driver?
CVE-2025-71294 is a vulnerability in the AMD GPU Driver for Linux where a Null Pointer Dereference can occur if the SDMA block is not enabled, potentially leading to system instability or denial of service.
Am I affected by CVE-2025-71294 in AMD GPU Driver?
You are affected if you are running the AMD GPU Driver for Linux on a system with a version prior to 276028fd9b60bbcc68796d1124b6b58298f4ca8a. Check your driver version to determine if you are vulnerable.
How do I fix CVE-2025-71294 in AMD GPU Driver?
Upgrade the AMD GPU Driver to version 276028fd9b60bbcc68796d1124b6b58298f4ca8a or later. As a temporary workaround, disable the SDMA block if it is not essential.
Is CVE-2025-71294 being actively exploited?
As of the current assessment, CVE-2025-71294 is not known to be actively exploited, but monitoring for exploitation attempts is recommended.
Where can I find the official AMD advisory for CVE-2025-71294?
Refer to the AMD security advisories page for the latest information and official guidance regarding CVE-2025-71294.
立即试用 — 无需账户
上传任何清单文件 (composer.lock, package-lock.json, WordPress 插件列表…) 或粘贴您的组件列表。您立即获得一份漏洞报告。上传文件只是开始:拥有账户后,您将获得持续监控、Slack/电子邮件警报、多项目和白标报告。
拖放您的依赖文件
composer.lock、package-lock.json、requirements.txt、Gemfile.lock、pubspec.lock、Dockerfile...