Description

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices Previously, APU platforms (and other scenarios with uninitialized VRAM managers) triggered a NULL pointer dereference in `ttm_resource_manager_usage()`. The root cause is not that the `struct ttm_resource_manager *man` pointer itself is NULL, but that `man->bdev` (the backing device pointer within the manager) remains uninitialized (NULL) on APUs—since APUs lack dedicated VRAM and do not fully set up VRAM manager structures. When `ttm_resource_manager_usage()` attempts to acquire `man->bdev->lru_lock`, it dereferences the NULL `man->bdev`, leading to a kernel OOPS. 1. **amdgpu_cs.c**: Extend the existing bandwidth control check in `amdgpu_cs_get_threshold_for_moves()` to include a check for `ttm_resource_manager_used()`. If the manager is not used (uninitialized `bdev`), return 0 for migration thresholds immediately—skipping VRAM-specific logic that would trigger the NULL dereference. 2. **amdgpu_kms.c**: Update the `AMDGPU_INFO_VRAM_USAGE` ioctl and memory info reporting to use a conditional: if the manager is used, return the real VRAM usage; otherwise, return 0. This avoids accessing `man->bdev` when it is NULL. 3. **amdgpu_virt.c**: Modify the vf2pf (virtual function to physical function) data write path. Use `ttm_resource_manager_used()` to check validity: if the manager is usable, calculate `fb_usage` from VRAM usage; otherwise, set `fb_usage` to 0 (APUs have no discrete framebuffer to report). This approach is more robust than APU-specific checks because it: - Works for all scenarios where the VRAM manager is uninitialized (not just APUs), - Aligns with TTM's design by using its native helper function, - Preserves correct behavior for discrete GPUs (which have fully initialized `man->bdev` and pass the `ttm_resource_manager_used()` check). v4: use ttm_resource_manager_used(&adev->mman.vram_mgr.manager) instead of checking the adev->gmc.is_app_apu flag (Christian)

INFO

Published Date :

2025-12-06T21:51:14.440Z

Last Modified :

2025-12-06T21:51:14.440Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-40288 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-40288.

URL Resource
https://git.kernel.org/stable/c/070bdce18fb12a49eb9c421e57df17d2ad29bf5f cve-icon cve-icon
https://git.kernel.org/stable/c/1243e396148a65bb6c42a2b70fe43e50c16c494f cve-icon cve-icon
https://git.kernel.org/stable/c/43aa61c18a3a45042b098b7a1186ffb29364002c cve-icon cve-icon
https://git.kernel.org/stable/c/883f309add55060233bf11c1ea6947140372920f cve-icon cve-icon
https://git.kernel.org/stable/c/e70113b741ba253886cd71dbadfe3ea444bb2f5c cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System