CVE-2025-38520: drm/amdkfd: Don't call mmput from MMU notifier callback
In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: Don't call mmput from MMU notifier callback
If the process is exiting, the mmput inside mmu notifier callback from
compactd or fork or numa balancing could release the last reference
of mm struct to call exit_mmap and free_pgtable, this triggers deadlock
with below backtrace.
The deadlock will leak kfd process as mmu notifier release is not called
and cause VRAM leaking.
The fix is to take mm reference mmget_non_zero when adding prange to the
deferred list to pair with mmput in deferred list work.
If prange split and add into pchild list, the pchild work_item.mm is not
used, so remove the mm parameter from svm_range_unmap_split and
svm_range_add_child.
The backtrace of hung task:
INFO: task python:348105 blocked for more than 64512 seconds.
Call Trace:
__schedule+0x1c3/0x550
schedule+0x46/0xb0
rwsem_down_write_slowpath+0x24b/0x4c0
unlink_anon_vmas+0xb1/0x1c0
free_pgtables+0xa9/0x130
exit_mmap+0xbc/0x1a0
mmput+0x5a/0x140
svm_range_cpu_invalidate_pagetables+0x2b/0x40 [amdgpu]
mn_itree_invalidate+0x72/0xc0
__mmu_notifier_invalidate_range_start+0x48/0x60
try_to_unmap_one+0x10fa/0x1400
rmap_walk_anon+0x196/0x460
try_to_unmap+0xbb/0x210
migrate_page_unmap+0x54d/0x7e0
migrate_pages_batch+0x1c3/0xae0
migrate_pages_sync+0x98/0x240
migrate_pages+0x25c/0x520
compact_zone+0x29d/0x590
compact_zone_order+0xb6/0xf0
try_to_compact_pages+0xbe/0x220
__alloc_pages_direct_compact+0x96/0x1a0
__alloc_pages_slowpath+0x410/0x930
__alloc_pages_nodemask+0x3a9/0x3e0
do_huge_pmd_anonymous_page+0xd7/0x3e0
__handle_mm_fault+0x5e3/0x5f0
handle_mm_fault+0xf7/0x2e0
hmm_vma_fault.isra.0+0x4d/0xa0
walk_pmd_range.isra.0+0xa8/0x310
walk_pud_range+0x167/0x240
walk_pgd_range+0x55/0x100
__walk_page_range+0x87/0x90
walk_page_range+0xf6/0x160
hmm_range_fault+0x4f/0x90
amdgpu_hmm_range_get_pages+0x123/0x230 [amdgpu]
amdgpu_ttm_tt_get_user_pages+0xb1/0x150 [amdgpu]
init_user_pages+0xb1/0x2a0 [amdgpu]
amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0x543/0x7d0 [amdgpu]
kfd_ioctl_alloc_memory_of_gpu+0x24c/0x4e0 [amdgpu]
kfd_ioctl+0x29d/0x500 [amdgpu]
(cherry picked from commit a29e067bd38946f752b0ef855f3dfff87e77bec7)
Security readout for executives and security teams
Plain-English summary
This Linux kernel issue can deadlock AMD GPU memory handling during process exit or memory-management activity. The documented effect is hung tasks, leaked KFD process state, and VRAM leakage. Business risk is mainly availability on systems using affected Linux kernels with AMD GPU compute paths.
Executive priority
Treat as a targeted availability risk for AMD GPU Linux fleets, not a broad internet-facing emergency based on current evidence. Patch through normal kernel maintenance, faster for GPU compute, shared research, or production systems where VRAM leakage and hangs affect service reliability.
Technical view
The flaw is in drm/amdkfd MMU notifier handling. Calling mmput from the notifier callback can release the last mm reference and enter exit_mmap/free_pgtable in a deadlock-prone path. The fix moves reference handling to deferred work using mmget_non_zero paired with mmput.
Likely exposure
Exposure is most likely on Linux systems running affected kernel versions with AMDGPU/KFD functionality in use. The source lists Linux kernel affected entries including 5.19, 6.1.148, 6.6.101, 6.12.39, 6.15.7, and 6.16. Downstream distro exposure needs vendor mapping.
Exploitation context
The source bundle provides a hung-task backtrace and states the consequence is deadlock and VRAM leakage. It does not cite active exploitation, and KEV is false. No public exploitability details or attack preconditions are established in the provided sources.
Researcher notes
The evidence is specific to a kernel deadlock path in drm/amdkfd. The supplied affected-version data is sparse and includes upstream versions and commits, so validate against downstream kernel backports. The impact described is resource leakage and hang behavior; confidentiality and integrity impact are not evidenced.
Mitigation direction
Update to a vendor kernel containing the referenced stable fixes.
Check Debian LTS and other distro advisories for packaged kernel guidance.
Prioritize systems using AMDGPU/KFD or GPU compute workloads.
Plan reboot windows where kernel replacement is required.
If unsupported, consult vendor guidance for safe temporary exposure reduction.
Validation and detection
Inventory running kernel versions on Linux GPU systems.
Confirm whether amdgpu and amdkfd are present or loaded.
Review logs for hung tasks resembling the provided backtrace.
Verify the deployed kernel includes the referenced stable commit lineage.
Track distro advisory status before closing remediation tickets.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2025-38520 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
1ADP providers
7Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Aug 16, 2025, 10:55 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.