#VU108865 NULL pointer dereference in Linux kernel - CVE-2025-37853

Cybersecurity Help s.r.o.

Published: 2025-05-09 | Updated: 2025-05-10

Vulnerability identifier: #VU108865

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37853

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the kfd_debugfs_hang_hws() function in drivers/gpu/drm/amd/amdkfd/kfd_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.6, 6.6 rc1, 6.6 rc2, 6.6 rc3, 6.6 rc4, 6.6 rc5, 6.6 rc6, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12, 6.6.13, 6.6.14, 6.6.15, 6.6.16, 6.6.17, 6.6.18, 6.6.19, 6.6.20, 6.6.21, 6.6.22, 6.6.23, 6.6.24, 6.6.25, 6.6.26, 6.6.27, 6.6.28, 6.6.29, 6.6.30, 6.6.31, 6.6.32, 6.6.33, 6.6.34, 6.6.35, 6.6.36, 6.6.37, 6.6.38, 6.6.39, 6.6.40, 6.6.41, 6.6.42, 6.6.43, 6.6.44, 6.6.45, 6.6.46, 6.6.47, 6.6.48, 6.6.49, 6.6.50, 6.6.51, 6.6.52, 6.6.53, 6.6.54, 6.6.55, 6.6.56, 6.6.57, 6.6.58, 6.6.59, 6.6.60, 6.6.61, 6.6.62, 6.6.63, 6.6.64, 6.6.65, 6.6.66, 6.6.67, 6.6.68, 6.6.69, 6.6.70, 6.6.71, 6.6.72, 6.6.73, 6.6.74, 6.6.75, 6.6.76, 6.6.77, 6.6.78, 6.6.79, 6.6.80, 6.6.81, 6.6.82, 6.6.83, 6.6.84, 6.6.85, 6.6.86, 6.6.87, 6.12, 6.12.1, 6.12.2, 6.12.3, 6.12.4, 6.12.5, 6.12.6, 6.12.7, 6.12.8, 6.12.9, 6.12.10, 6.12.11, 6.12.12, 6.12.13, 6.12.14, 6.12.15, 6.12.16, 6.12.17, 6.12.18, 6.12.19, 6.12.20, 6.12.21, 6.12.22, 6.12.23, 6.13, 6.13.1, 6.13.2, 6.13.3, 6.13.4, 6.13.5, 6.13.6, 6.13.7, 6.13.8, 6.13.9, 6.13.10, 6.13.11, 6.14, 6.14.1, 6.14.2

External links
https://git.kernel.org/stable/c/1a322b330dc0b775d1d7a84e55c752d9451bfe7d
https://git.kernel.org/stable/c/24b9e0e2e6147314c22d821f0542c4dd9a320c40
https://git.kernel.org/stable/c/a36f8d544522a19ef06ed9e84667d154dcb6be52
https://git.kernel.org/stable/c/f84c57906f0fd2185e557d2552b20aa8430a4677
https://git.kernel.org/stable/c/fe9d0061c413f8fb8c529b18b592b04170850ded
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.24
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.12
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.3
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.88

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Ubuntu update for linux-azure

Ubuntu update for linux

SUSE update for the Linux Kernel

NULL pointer dereference in Linux kernel amd amdkfd driver