VYPR
Unrated severity · NVD Advisory · Published Dec 9, 2025 · Updated Apr 15, 2026

CVE-2025-40335

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: validate userq input args

This will help with validating the userq input args, and rejecting invalid userq requests at the IOCTL in the first place.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A missing input validation in the Linux kernel's amdgpu driver allows users to submit invalid user queue requests via IOCTLs, potentially leading to system instability or privilege escalation.

Vulnerability Overview

The vulnerability resides in the Linux kernel's drm/amdgpu driver, specifically in the handling of user queue (userq) input arguments. The code lacked proper validation of parameters passed via IOCTLs, allowing users to submit malformed or invalid requests. The fix adds validation so that invalid userq requests are rejected at the IOCTL entry point, preventing them from reaching deeper kernel code paths [1].

Exploitation

An attacker with local access and the ability to issue DRM IOCTLs (e.g., a user with graphics device permissions) could craft a malicious userq request. No special attention is needed because the amdgpu driver is commonly used in systems with AMD GPUs, making this a locally exploitable issue. No authentication beyond local user access is required, and the attack surface is the IOCTL interface exposed to user space.

Impact

Successful exploitation could lead to kernel memory corruption, system crashes (denial of service), or potentially privilege escalation if the attacker can manipulate kernel structures. The vulnerability is rated with a CVSS score of 7.8 (High), indicating significant impact on confidentiality, integrity, and availability.

Mitigation

The fix has been applied in the Linux kernel stable tree as commit bdaa7ad3a5bb [1]. Users should update to a kernel version containing this commit or apply the patch. No workaround is available; the only mitigation is to apply the kernel update.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 2

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 2

News mentions: 0
