CVE-2025-38011 (GCVE-0-2025-38011)

Vulnerability from cvelistv5 – Published: 2025-06-18 09:28 – Updated: 2025-07-15 15:43
VLAI?
Summary
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: csa unmap use uninterruptible lock After process exit to unmap csa and free GPU vm, if signal is accepted and then waiting to take vm lock is interrupted and return, it causes memory leaking and below warning backtrace. Change to use uninterruptible wait lock fix the issue. WARNING: CPU: 69 PID: 167800 at amd/amdgpu/amdgpu_kms.c:1525 amdgpu_driver_postclose_kms+0x294/0x2a0 [amdgpu] Call Trace: <TASK> drm_file_free.part.0+0x1da/0x230 [drm] drm_close_helper.isra.0+0x65/0x70 [drm] drm_release+0x6a/0x120 [drm] amdgpu_drm_release+0x51/0x60 [amdgpu] __fput+0x9f/0x280 ____fput+0xe/0x20 task_work_run+0x67/0xa0 do_exit+0x217/0x3c0 do_group_exit+0x3b/0xb0 get_signal+0x14a/0x8d0 arch_do_signal_or_restart+0xde/0x100 exit_to_user_mode_loop+0xc1/0x1a0 exit_to_user_mode_prepare+0xf4/0x100 syscall_exit_to_user_mode+0x17/0x40 do_syscall_64+0x69/0xc0 (cherry picked from commit 7dbbfb3c171a6f63b01165958629c9c26abf38ab)
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 8a206685d36f6f0c6b72637f920ef973ea9cc936 , < 8d71c3231b33e24a911b8f2d8c3a17ee40aa32d5 (git)
Affected: 8a206685d36f6f0c6b72637f920ef973ea9cc936 , < a1adc8d9a0d219d4e88672c30dbc9ea960d73136 (git)
Affected: 8a206685d36f6f0c6b72637f920ef973ea9cc936 , < a0fa7873f2f869087b1e7793f7fac3713a1e3afe (git)
Create a notification for this product.
    Linux Linux Affected: 6.6
Unaffected: 0 , < 6.6 (semver)
Unaffected: 6.12.30 , ≤ 6.12.* (semver)
Unaffected: 6.14.8 , ≤ 6.14.* (semver)
Unaffected: 6.15 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8d71c3231b33e24a911b8f2d8c3a17ee40aa32d5",
              "status": "affected",
              "version": "8a206685d36f6f0c6b72637f920ef973ea9cc936",
              "versionType": "git"
            },
            {
              "lessThan": "a1adc8d9a0d219d4e88672c30dbc9ea960d73136",
              "status": "affected",
              "version": "8a206685d36f6f0c6b72637f920ef973ea9cc936",
              "versionType": "git"
            },
            {
              "lessThan": "a0fa7873f2f869087b1e7793f7fac3713a1e3afe",
              "status": "affected",
              "version": "8a206685d36f6f0c6b72637f920ef973ea9cc936",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.30",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.8",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: csa unmap use uninterruptible lock\n\nAfter process exit to unmap csa and free GPU vm, if signal is accepted\nand then waiting to take vm lock is interrupted and return, it causes\nmemory leaking and below warning backtrace.\n\nChange to use uninterruptible wait lock fix the issue.\n\nWARNING: CPU: 69 PID: 167800 at amd/amdgpu/amdgpu_kms.c:1525\n amdgpu_driver_postclose_kms+0x294/0x2a0 [amdgpu]\n Call Trace:\n  \u003cTASK\u003e\n  drm_file_free.part.0+0x1da/0x230 [drm]\n  drm_close_helper.isra.0+0x65/0x70 [drm]\n  drm_release+0x6a/0x120 [drm]\n  amdgpu_drm_release+0x51/0x60 [amdgpu]\n  __fput+0x9f/0x280\n  ____fput+0xe/0x20\n  task_work_run+0x67/0xa0\n  do_exit+0x217/0x3c0\n  do_group_exit+0x3b/0xb0\n  get_signal+0x14a/0x8d0\n  arch_do_signal_or_restart+0xde/0x100\n  exit_to_user_mode_loop+0xc1/0x1a0\n  exit_to_user_mode_prepare+0xf4/0x100\n  syscall_exit_to_user_mode+0x17/0x40\n  do_syscall_64+0x69/0xc0\n\n(cherry picked from commit 7dbbfb3c171a6f63b01165958629c9c26abf38ab)"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-15T15:43:52.921Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8d71c3231b33e24a911b8f2d8c3a17ee40aa32d5"
        },
        {
          "url": "https://git.kernel.org/stable/c/a1adc8d9a0d219d4e88672c30dbc9ea960d73136"
        },
        {
          "url": "https://git.kernel.org/stable/c/a0fa7873f2f869087b1e7793f7fac3713a1e3afe"
        }
      ],
      "title": "drm/amdgpu: csa unmap use uninterruptible lock",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38011",
    "datePublished": "2025-06-18T09:28:21.453Z",
    "dateReserved": "2025-04-16T04:51:23.977Z",
    "dateUpdated": "2025-07-15T15:43:52.921Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-38011\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-06-18T10:15:32.417\",\"lastModified\":\"2025-11-17T12:56:18.870\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ndrm/amdgpu: csa unmap use uninterruptible lock\\n\\nAfter process exit to unmap csa and free GPU vm, if signal is accepted\\nand then waiting to take vm lock is interrupted and return, it causes\\nmemory leaking and below warning backtrace.\\n\\nChange to use uninterruptible wait lock fix the issue.\\n\\nWARNING: CPU: 69 PID: 167800 at amd/amdgpu/amdgpu_kms.c:1525\\n amdgpu_driver_postclose_kms+0x294/0x2a0 [amdgpu]\\n Call Trace:\\n  \u003cTASK\u003e\\n  drm_file_free.part.0+0x1da/0x230 [drm]\\n  drm_close_helper.isra.0+0x65/0x70 [drm]\\n  drm_release+0x6a/0x120 [drm]\\n  amdgpu_drm_release+0x51/0x60 [amdgpu]\\n  __fput+0x9f/0x280\\n  ____fput+0xe/0x20\\n  task_work_run+0x67/0xa0\\n  do_exit+0x217/0x3c0\\n  do_group_exit+0x3b/0xb0\\n  get_signal+0x14a/0x8d0\\n  arch_do_signal_or_restart+0xde/0x100\\n  exit_to_user_mode_loop+0xc1/0x1a0\\n  exit_to_user_mode_prepare+0xf4/0x100\\n  syscall_exit_to_user_mode+0x17/0x40\\n  do_syscall_64+0x69/0xc0\\n\\n(cherry picked from commit 7dbbfb3c171a6f63b01165958629c9c26abf38ab)\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: csa unmap usa un bloqueo ininterrumpible. Tras salir del proceso para desasignar csa y liberar la m\u00e1quina virtual de la GPU, si se acepta la se\u00f1al y se interrumpe la espera para obtener el bloqueo de la m\u00e1quina virtual y se retorna, se produce una fuga de memoria y un seguimiento inverso inferior a la advertencia. Cambiar al uso de un bloqueo de espera ininterrumpible soluciona el problema. ADVERTENCIA: CPU: 69 PID: 167800 en amd/amdgpu/amdgpu_kms.c:1525 amdgpu_driver_postclose_kms+0x294/0x2a0 [amdgpu] Seguimiento de llamadas:  drm_file_free.part.0+0x1da/0x230 [drm] drm_close_helper.isra.0+0x65/0x70 [drm] drm_release+0x6a/0x120 [drm] amdgpu_drm_release+0x51/0x60 [amdgpu] __fput+0x9f/0x280 ____fput+0xe/0x20 task_work_run+0x67/0xa0 do_exit+0x217/0x3c0 do_group_exit+0x3b/0xb0 get_signal+0x14a/0x8d0 arch_do_signal_or_restart+0xde/0x100 exit_to_user_mode_loop+0xc1/0x1a0 exit_to_user_mode_prepare+0xf4/0x100 syscall_exit_to_user_mode+0x17/0x40 do_syscall_64+0x69/0xc0 (seleccionado de el commit 7dbbfb3c171a6f63b01165958629c9c26abf38ab)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.6\",\"versionEndExcluding\":\"6.12.30\",\"matchCriteriaId\":\"9D220B6C-D22A-4648-BD64-B5FEE59A4253\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.14.8\",\"matchCriteriaId\":\"D4458049-AD51-4F1B-BAB9-C32B53A54DE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D465631-2980-487A-8E65-40AE2B9F8ED1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C9D071F-B28E-46EC-AC61-22B913390211\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.15:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"13FC0DDE-E513-465E-9E81-515702D49B74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.15:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C7B5B0E-4EEB-48F5-B4CF-0935A7633845\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.15:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D240580-3048-49B2-9E27-F115A9DF8224\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.15:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"90320558-E553-4EF5-8A0B-0F5D20113BD2\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/8d71c3231b33e24a911b8f2d8c3a17ee40aa32d5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a0fa7873f2f869087b1e7793f7fac3713a1e3afe\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a1adc8d9a0d219d4e88672c30dbc9ea960d73136\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.