CVE-2025-40289
Description
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM
Otherwise accessing them can cause a crash.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's amdgpu driver, VRAM sysfs attributes are exposed on GPUs without VRAM, causing a system crash when accessed.
Vulnerability
In the Linux kernel's drm/amdgpu driver, sysfs attributes related to VRAM are created for all GPUs, including those without any VRAM. Accessing these attributes on a GPU without VRAM triggers a crash due to dereferencing a NULL or invalid pointer.
Exploitation
The attack surface is local: any unprivileged user with access to the sysfs filesystem can trigger the crash by reading a VRAM sysfs file on a VRAM-less GPU. No special privileges or authentication are required beyond the ability to traverse sysfs.
Impact
Successful exploitation results in a denial of service, causing the kernel to crash and potentially requiring a system reboot. The vulnerability does not lead to privilege escalation or data corruption.
Mitigation
The fix hides the VRAM sysfs attributes for GPUs without VRAM, preventing the crash. Patches have been applied to stable kernel trees as referenced in commits [1], [2], [3]. Users should update their kernels to include these fixes.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
339a1c8c860e3a67a9f99ce1333cc891b56b9Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
3News mentions
0No linked articles in our index yet.