CVE-2025-37854 – A use-after-free vulnerability in the Linux ker... (How to Fix)

Q: What is the severity of CVE-2025-37854?

CVE-2025-37854 has a CVSS score of 7.8 (HIGH). A use-after-free vulnerability in the Linux kernel's AMDKFD driver allows local attackers to cause denial of service or potentially execute arbitrary code. This affects systems with AMD GPUs using the affected kernel versions. The vulnerability occurs during GPU recovery when hardware scheduler hangs trigger mode1 reset procedures.

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's AMDKFD driver allows local attackers to cause denial of service or potentially execute arbitrary code. This affects systems with AMD GPUs using the affected kernel versions. The vulnerability occurs during GPU recovery when hardware scheduler hangs trigger mode1 reset procedures.

💻 Affected Systems

Products:

Linux kernel with AMDKFD driver

Versions: Specific affected kernel versions not specified in CVE, but patches available in stable kernel trees.

Operating Systems: Linux distributions with affected kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Requires AMD GPU hardware and KFD driver enabled. Systems without AMD GPUs or with KFD disabled are not affected.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to kernel-level code execution, potentially leading to full system compromise.

🟠

Likely Case

Kernel panic or system crash causing denial of service, requiring system reboot.

🟢

If Mitigated

Limited to denial of service if exploit attempts fail or system has additional protections.

🌐 Internet-Facing: LOW - Requires local access to the system.

🏢 Internal Only: MEDIUM - Local users or compromised accounts could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires local access and knowledge of GPU operations. Race condition makes timing-dependent exploitation challenging.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in stable kernel trees (commits referenced in CVE)

Vendor Advisory: https://git.kernel.org/stable/c/57c9dabda80ac167de8cd71231baae37cc2f442d

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from distribution repositories. 2. Reboot system to load new kernel. 3. Verify kernel version matches patched release.

🔧 Temporary Workarounds

Disable AMDKFD driver

linux

Prevent loading of vulnerable AMDKFD kernel module

echo 'blacklist amdkfd' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
reboot

🧯 If You Can't Patch

Restrict local user access to systems with AMD GPUs
Implement strict privilege separation and limit GPU access to trusted users only

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if amdkfd module is loaded: lsmod | grep amdkfd

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated and check dmesg for successful GPU operations without crashes

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages
GPU reset failures in dmesg
AMD KFD driver crash logs

Network Indicators:

None - local vulnerability only

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "amdkfd" OR "GPU reset")

📊 Metadata

CVE ID: CVE-2025-37854

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

EPSS Score: 0.03% exploit probability (6.8th percentile)

Published: May 9, 2025

Last Updated: November 17, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-37854, you might also want to check these: