{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-40339", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T07:20:57.187Z", "datePublished": "2025-12-09T04:09:55.697Z", "dateUpdated": "2025-12-09T04:09:55.697Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-09T04:09:55.697Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix nullptr err of vm_handle_moved\n\nIf a amdgpu_bo_va is fpriv->prt_va, the bo of this one is always NULL.\nSo, such kind of amdgpu_bo_va should be updated separately before\namdgpu_vm_handle_moved."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "47281febebe337586569aa4c5694a7511063a42e", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "273d1ea12e42e9babb9783837906f3c466f213d3", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "859958a7faefe5b7742b7b8cdbc170713d4bf158", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c"], "versions": [{"version": "6.12.58", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17.8", "lessThanOrEqual": "6.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.12.58"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.17.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.18"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/47281febebe337586569aa4c5694a7511063a42e"}, {"url": "https://git.kernel.org/stable/c/273d1ea12e42e9babb9783837906f3c466f213d3"}, {"url": "https://git.kernel.org/stable/c/859958a7faefe5b7742b7b8cdbc170713d4bf158"}], "title": "drm/amdgpu: fix nullptr err of vm_handle_moved", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix nullptr err of vm_handle_moved\n\nIf a amdgpu_bo_va is fpriv->prt_va, the bo of this one is always NULL.\nSo, such kind of amdgpu_bo_va should be updated separately before\namdgpu_vm_handle_moved."}], "id": "CVE-2025-40339", "lastModified": "2025-12-09T18:36:53.557", "metrics": {}, "published": "2025-12-09T16:17:44.157", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/273d1ea12e42e9babb9783837906f3c466f213d3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/47281febebe337586569aa4c5694a7511063a42e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/859958a7faefe5b7742b7b8cdbc170713d4bf158"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: drm/amdgpu: fix nullptr err of vm_handle_moved", "id": "2420421", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420421"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, prevent the amdgpu module from being loaded if AMD GPU functionality is not required. See https://access.redhat.com/solutions/41278 for instructions on how to blacklist a kernel module."}, "name": "CVE-2025-40339", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-12-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-40339\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-40339\nhttps://lore.kernel.org/linux-cve-announce/2025120911-CVE-2025-40339-82ee@gregkh/T"], "statement": "This vulnerability affects systems with AMD GPUs using the amdgpu driver. Exploitation requires local access and the ability to interact with AMD GPU virtual memory management. The impact is limited to denial of service through a kernel crash.", "threat_severity": "Moderate"}