CVE-2025-21842

EUVD-2025-7593
In the Linux kernel, the following vulnerability has been resolved:

amdkfd: properly free gang_ctx_bo when failed to init user queue

The destructor of a gtt bo is declared as
void amdgpu_amdkfd_free_gtt_mem(struct amdgpu_device *adev, void **mem_obj);
Which takes void** as the second parameter.

GCC allows passing void* to the function because void* can be implicitly
casted to any other types, so it can pass compiling.

However, passing this void* parameter into the function's
execution process(which expects void** and dereferencing void**)
will result in errors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
6.12 ≤
𝑥
< 6.12.16
linuxlinux_kernel
6.13 ≤
𝑥
< 6.13.4
linuxlinux_kernel
6.14:rc1
linuxlinux_kernel
6.14:rc2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.170-3
fixed
bookworm (security)
6.1.174-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.257-1
fixed
forky
7.0.10-1
fixed
sid
7.0.10-1
fixed
trixie
6.12.86-1
fixed
trixie (security)
6.12.90-2
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
kernel-64kb
suse enterprise desktop 15 SP7
6.4.0-150700.53.6.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.6.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.6.1
fixed
kernel-azure
suse enterprise sap 15 SP7
6.4.0-150700.20.6.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.20.6.1
fixed
kernel-default
suse enterprise desktop 15 SP7
6.4.0-150700.53.6.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.6.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.6.1
fixed
kernel-default-base
suse enterprise desktop 15 SP7
6.4.0-150700.53.6.1.150700.17.6.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.6.1.150700.17.6.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.6.1.150700.17.6.1
fixed
kernel-docs
suse enterprise desktop 15 SP7
6.4.0-150700.53.6.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.6.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.6.1
fixed
kernel-macros
suse enterprise desktop 15 SP7
6.4.0-150700.53.6.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.6.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.6.1
fixed
kernel-obs-build
suse enterprise desktop 15 SP7
6.4.0-150700.53.6.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.6.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.6.1
fixed
kernel-source
suse enterprise desktop 15 SP7
6.4.0-150700.53.6.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.6.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.6.1
fixed
kernel-source-azure
suse enterprise sap 15 SP7
6.4.0-150700.20.6.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.20.6.1
fixed
kernel-syms
suse enterprise desktop 15 SP7
6.4.0-150700.53.6.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.6.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.6.1
fixed
kernel-syms-azure
suse enterprise sap 15 SP7
6.4.0-150700.20.6.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.20.6.1
fixed
kernel-zfcpdump
suse enterprise desktop 15 SP7
6.4.0-150700.53.6.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.6.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.6.1
fixed
References
https://git.kernel.org/stable/c/091a68c58c1bbd2ab7d05d1b32c1306394ec691d
https://git.kernel.org/stable/c/a33f7f9660705fb2ecf3467b2c48965564f392ce
https://git.kernel.org/stable/c/ae5ab1c1ae504f622cc1ff48830a9ed48428146d