VYPR
Unrated severity · NVD Advisory · Published Dec 16, 2025 · Updated Apr 15, 2026

CVE-2025-68201

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: remove two invalid BUG_ON()s

Those can be triggered trivially by userspace.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Linux kernel drm/amdgpu driver removes two BUG_ON() calls that userspace could intentionally trigger, turning potential kernel panics into safe error handling.

Root Cause

The Linux kernel drm/amdgpu driver contained two BUG_ON() assertions that could be reached from user space. The official description states those BUG_ON()s were invalid because they could be triggered trivially by userspace. A BUG_ON() call is intended for unrecoverable internal kernel errors; triggering it always results in a system crash (kernel panic). Having such a check reachable from user space means any unprivileged process could intentionally force a system-wide denial of service.

Attack Surface

Exploitation requires only the ability to issue certain ioctl calls to the AMD GPU device, which is accessible to any local user with permissions to open the /dev/dri/* nodes (e.g., members of the video group or the console user). No special privileges are needed for the attack. The attacker would simply interact with the GPU driver through the standard DRM interface, passing crafted parameters that hit the removed BUG_ON() paths. Since no authentication or network access is required, the attack surface is the local user session.

Impact

A local unprivileged user could trigger either of the two BUG_ON()s to crash the entire kernel, causing a denial of service for all users and processes on the system. There is no evidence of data corruption or privilege escalation—the impact is limited to system availability. However, a system crash is a serious availability issue, especially on multi-user systems or machines where uptime is critical.

Mitigation Status

The fix [1] removes both problematic BUG_ON() calls, replacing them with safer error returns (e.g., returning -EINVAL to the caller) so that the driver rejects invalid input gracefully without crashing the kernel. The commit is in the Linux kernel stable tree and has been backported to various stable versions. Users should update their kernels to a version containing the patch. No workaround is available other than restricting access to the DRI devices or applying the kernel update.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
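The pattern described under Root Cause and Mitigation Status, as an added example that is not taken from the amdgpu driver or the fix commit: a userspace model of a handler whose bounds check is written first as a BUG_ON() and then as an error return. The handler, the `hyp_args` struct, the slot table and the checked condition are all hypothetical; the actual conditions removed by the patch are not shown on this page.

```c
/* Userspace model of the pattern; hypothetical handler, not amdgpu code. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define HYP_NUM_SLOTS 4u
#define MODEL_CRASHED 1   /* stands for "the kernel oopsed here" */

/* Constructed stand-in for an ioctl argument block copied from userspace. */
struct hyp_args {
    uint32_t slot;    /* caller-controlled index */
    uint32_t value;
};

static uint32_t slots[HYP_NUM_SLOTS];
static int model_oops_count;   /* how many times BUG_ON() would have fired */

/* Before: the bounds check is an assertion, so bad input takes the system down. */
static int hyp_set_slot_bug_on(const struct hyp_args *a)
{
    /* Kernel form would be: BUG_ON(a->slot >= HYP_NUM_SLOTS); */
    if (a->slot >= HYP_NUM_SLOTS) {
        model_oops_count++;
        return MODEL_CRASHED;   /* a real BUG_ON() never returns to the caller */
    }
    slots[a->slot] = a->value;
    return 0;
}

/* After: the same condition is ordinary input validation with an errno. */
static int hyp_set_slot_checked(const struct hyp_args *a)
{
    if (a->slot >= HYP_NUM_SLOTS)
        return -EINVAL;         /* caller sees a failed ioctl, nothing else */
    slots[a->slot] = a->value;
    return 0;
}

int main(void)
{
    struct hyp_args bad = { .slot = 9, .value = 1 };   /* constructed input */
    int rc = hyp_set_slot_bug_on(&bad);
    printf("BUG_ON variant:  rc=%d oopses=%d\n", rc, model_oops_count);
    rc = hyp_set_slot_checked(&bad);
    printf("checked variant: rc=%d (-EINVAL=%d)\n", rc, -EINVAL);
    return 0;
}
```

When reviewing driver code for this bug class, the question to ask of each BUG_ON() is whether its condition depends on any value that arrived through an ioctl argument; if it does, it belongs in the second form.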

Affected products

3


References

3
