CVE-2025-37853

5.5 MEDIUM

📋 TL;DR

A NULL pointer dereference vulnerability in the Linux kernel's AMD GPU driver (drm/amdkfd) allows local attackers to crash the kernel when accessing the debugfs hang_hws interface on systems with MES (Micro-Engine Scheduler) enabled. This affects Linux systems with AMD GPUs using the MES path. The vulnerability requires local access to debugfs.

💻 Affected Systems

Products:
  • Linux kernel with AMD GPU driver (drm/amdkfd)
Versions: Linux kernel versions before fixes in stable commits 1a322b330dc0b775d1d7a84e55c752d9451bfe7d, 24b9e0e2e6147314c22d821f0542c4dd9a320c40, a36f8d544522a19ef06ed9e84667d154dcb6be52, f84c57906f0fd2185e557d2552b20aa8430a4677, fe9d0061c413f8fb8c529b18b592b04170850ded
Operating Systems: Linux distributions with affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with AMD GPUs using MES (Micro-Engine Scheduler) path. Requires debugfs access.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Local denial of service causing kernel panic and system crash, potentially leading to data loss or service disruption.
🟠 Likely Case: Local denial of service through kernel crash when a malicious user accesses the debugfs interface.
🟢 If Mitigated: No impact if debugfs access is restricted or MES is not used.

🌐 Internet-Facing: LOW - Requires local access to debugfs interface.
🏢 Internal Only: MEDIUM - Local users with debugfs access can cause system crashes.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to debugfs interface. Simple trigger via debugfs access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel versions containing the stable commits listed in references

Vendor Advisory: https://git.kernel.org/stable/c/1a322b330dc0b775d1d7a84e55c752d9451bfe7d

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing fixes.
2. Reboot system.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable debugfs access

linux

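Restrict access to debugfs to prevent exploitation. The nodev, noexec and nosuid options do not limit who can open debugfs files; mode=0700 keeps the mount point accessible to root only.

mount -o remount,mode=0700,nodev,noexec,nosuid /sys/kernel/debug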

Disable MES if not needed

linux

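Disable Micro-Engine Scheduler if not required for GPU operations. The mes parameter is applied when the amdgpu module loads and cannot be changed through /sys/module at runtime, so set it as a module option (the file name below is an example) and reboot or reload the driver.

echo "options amdgpu mes=0" > /etc/modprobe.d/amdgpu-mes.conf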

🧯 If You Can't Patch

  • Restrict debugfs access to root only using mount options
  • Implement strict user privilege separation to limit debugfs access

🔍 How to Verify

Check if Vulnerable:

Check if system has AMD GPU with MES enabled and debugfs accessible:

lsmod | grep amdgpu && cat /sys/module/amdgpu/parameters/mes

Check Version:

uname -r

Verify Fix Applied:

Check the running kernel version, then confirm in your distribution's kernel changelog or security tracker that this build includes one of the stable fix commits listed under Affected Systems. The running kernel does not expose commit hashes (/proc/config.gz holds only the build configuration), so the version has to be matched against the distribution's records.

uname -r
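
The "Check if Vulnerable" conditions and the debugfs restriction from the workarounds can be combined into one triage script. This is an added example, not part of the original advisory; the ROOT prefix argument, the function names and the verdict words are assumptions of the example.

```shell
#!/bin/sh
# Added example: exposure triage for CVE-2025-37853, built from the checks on this page.
# The optional ROOT prefix argument is an assumption of this example; it lets the
# same checks run against a copied or constructed tree instead of the live system.

amdgpu_loaded() { [ -d "$1/sys/module/amdgpu" ]; }

# The page's MES check: the amdgpu "mes" module parameter reads 1 when enabled.
mes_enabled() {
    [ "$(cat "$1/sys/module/amdgpu/parameters/mes" 2>/dev/null)" = "1" ]
}

# debugfs counts as mounted when /proc/mounts lists it on /sys/kernel/debug.
debugfs_mounted() {
    grep -q ' /sys/kernel/debug debugfs ' "$1/proc/mounts" 2>/dev/null
}

# True when the mount point grants nothing to group or other (e.g. mode 0700).
# If the mode cannot be read, the check fails and the mount is reported as open.
debugfs_root_only() {
    mode=$(stat -c '%a' "$1/sys/kernel/debug" 2>/dev/null) || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Prints one verdict word; the order follows the page's "If Mitigated" conditions.
triage() {
    root=${1:-}
    if ! amdgpu_loaded "$root"; then echo "no-amdgpu"
    elif ! mes_enabled "$root"; then echo "mes-not-enabled"
    elif ! debugfs_mounted "$root"; then echo "debugfs-not-mounted"
    elif debugfs_root_only "$root"; then echo "debugfs-root-only"
    else echo "debugfs-open-to-non-root"
    fi
}

triage "${1:-}"
```

Only the last verdict means unprivileged local users can reach debugfs on a host with MES enabled; "debugfs-root-only" still leaves the crash reachable by root until the kernel is patched.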

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs mentioning NULL pointer dereference in drm/amdkfd
  • System crash logs with amdgpu or kfd modules

Network Indicators:

  • None - local vulnerability only

SIEM Query:

event_source="kernel" AND (message CONTAINS "NULL pointer dereference" OR message CONTAINS "amdgpu" OR message CONTAINS "kfd")

🔗 References
