CVE-2025-37769 – A division by zero vulnerability in the AMD GPU... (How to Fix)

Q: What is the severity of CVE-2025-37769?

CVE-2025-37769 has a CVSS score of 5.5 (MEDIUM). A division by zero vulnerability in the AMD GPU power management driver (drm/amd/pm/smu11) in the Linux kernel allows local attackers to cause a kernel panic or system crash. This affects Linux systems with AMD GPUs where users can set custom speed values. The vulnerability requires local access to the system.

📋 TL;DR

A division by zero vulnerability in the AMD GPU power management driver (drm/amd/pm/smu11) in the Linux kernel allows local attackers to cause a kernel panic or system crash. This affects Linux systems with AMD GPUs where users can set custom speed values. The vulnerability requires local access to the system.

💻 Affected Systems

Products:

Linux kernel with AMD GPU drivers

Versions: Kernel versions before the fix commit da7dc714a8f8e1c9fc33c57cd63583779a3bef71

Operating Systems: Linux distributions with affected kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with AMD GPUs using the smu11 power management driver. Requires ability to modify GPU speed settings.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.

🟠

Likely Case

Local denial of service through system crash when malicious speed values are set.

🟢

If Mitigated

No impact if proper access controls prevent unprivileged users from modifying GPU settings.

🌐 Internet-Facing: LOW - Requires local access to exploit, not remotely exploitable.

🏢 Internal Only: MEDIUM - Local users or compromised accounts could crash systems, affecting availability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires local access and ability to set GPU speed values. No authentication bypass needed if user already has required permissions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commit da7dc714a8f8e1c9fc33c57cd63583779a3bef71

Vendor Advisory: https://git.kernel.org/stable/c/63a150400194592206817124268ff6f43947e8c9

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commit. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Restrict GPU speed modification

linux

Limit access to GPU speed control interfaces to prevent unprivileged users from triggering the vulnerability

chmod 600 /sys/class/drm/card*/device/pp_dpm_sclk
chmod 600 /sys/class/drm/card*/device/pp_dpm_mclk

🧯 If You Can't Patch

Restrict access to GPU control interfaces to privileged users only
Monitor system logs for kernel panic events related to AMD GPU drivers

🔍 How to Verify

Check if Vulnerable:

Check if kernel version is before the fix commit: uname -r and compare with patched versions

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version contains commit da7dc714a8f8e1c9fc33c57cd63583779a3bef71: git log --oneline | grep da7dc714a8f8e1c9fc33c57cd63583779a3bef71

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages
AMDGPU driver crash logs
System crash/reboot events

Network Indicators:

None - local vulnerability only

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "BUG") AND "amd"

📊 Metadata

CVE ID: CVE-2025-37769

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-369

EPSS Score: 0.03% exploit probability (6.7th percentile)

Published: May 1, 2025

Last Updated: November 5, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-37769, you might also want to check these: