CVE-2025-38426
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Description
In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Add basic validation for RAS header

If RAS header read from EEPROM is corrupted, it could result in trying to allocate huge memory for reading the records. Add some validation to header fields.
Analysis
Linux kernel RAS (Reliability, Availability, Serviceability) header validation in the AMD GPU driver (amdgpu) lacks input sanitization, allowing a local authenticated attacker to trigger denial of service through excessive memory allocation when reading corrupted EEPROM data. The vulnerability affects all Linux kernel versions with the vulnerable amdgpu driver code path and requires local access with standard user privileges. No public exploit code has been identified; the EPSS score of 0.02% (5th percentile) indicates low real-world exploitation probability despite the moderate CVSS 5.5 rating.
Technical Context
The amdgpu driver in the Linux kernel interfaces with GPU-resident EEPROM storage to read Reliability, Availability, and Serviceability (RAS) telemetry records. The vulnerability exists in the RAS header parsing logic, specifically the code that reads and validates header fields before allocating memory buffers for RAS record data. When an EEPROM header is corrupted or maliciously crafted, the lack of bounds checking on header fields (likely record count, record size, or total buffer size fields) could cause the kernel to attempt allocation of unusually large memory regions. This is a classic integer overflow or lack-of-bounds-validation vulnerability (analogous to CWE-190 and adjacent integer-handling flaws) that manifests as resource exhaustion. The affected product is the Linux kernel (CPE: cpe:2.3:o:linux:linux_kernel) across all versions containing the vulnerable amdgpu driver code.
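The kind of check described above, as an added example in C; it is not the amdgpu patch and not code from the kernel. The header layout, field names, magic value, record size and EEPROM capacity are all hypothetical; the point is that every field read from storage is bounded by what the device can physically hold before a record count is derived from it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical on-EEPROM table header; NOT the amdgpu driver's real layout. */
struct tbl_hdr {
    uint32_t magic;         /* constant marking a valid table */
    uint32_t first_rec_off; /* byte offset of the first record */
    uint32_t tbl_size;      /* header plus records, in bytes */
};

#define TBL_MAGIC    0x52415348u     /* constructed value */
#define REC_SIZE     24u             /* assumed fixed record size */
#define EEPROM_BYTES (256u * 1024u)  /* assumed device capacity */

enum { HDR_OK = 0, HDR_BAD_MAGIC = -1, HDR_BAD_OFFSET = -2, HDR_BAD_SIZE = -3 };

/* Check a header read from untrusted storage against the device capacity;
 * nrec_out is written only on success. Fields are taken as host-endian. */
int tbl_hdr_validate(const uint8_t *raw, size_t raw_len, uint32_t *nrec_out)
{
    struct tbl_hdr h;
    if (raw_len < sizeof(h))
        return HDR_BAD_SIZE;
    memcpy(&h, raw, sizeof(h));      /* no unaligned access */
    if (h.magic != TBL_MAGIC)
        return HDR_BAD_MAGIC;
    if (h.first_rec_off < sizeof(h) || h.first_rec_off >= EEPROM_BYTES)
        return HDR_BAD_OFFSET;
    if (h.tbl_size < h.first_rec_off || h.tbl_size > EEPROM_BYTES)
        return HDR_BAD_SIZE;         /* bounded before any subtraction */
    if ((h.tbl_size - h.first_rec_off) % REC_SIZE)
        return HDR_BAD_SIZE;         /* partial trailing record */
    *nrec_out = (h.tbl_size - h.first_rec_off) / REC_SIZE;
    return HDR_OK;
}

int main(void)
{
    /* Constructed sample: size field corrupted to a huge value. */
    struct tbl_hdr bad = { TBL_MAGIC, 12u, 0xFFFFFFF0u };
    uint8_t raw[sizeof(bad)];
    uint32_t n = 0;
    memcpy(raw, &bad, sizeof(bad));
    printf("rc=%d\n", tbl_hdr_validate(raw, sizeof(raw), &n));
    return 0;
}
```

Because the record count is bounded by `EEPROM_BYTES / REC_SIZE`, a caller that sizes its buffer as `nrec * REC_SIZE` can neither overflow the multiplication nor request more memory than the device could ever contain.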
Affected Products
Linux kernel versions that predate the fix commits (reference commits 0479268fdfaaff6e15d69e8a8387410f36d1b793, 5df0d6addb7e9b6f71f7162d1253762a5be9138e, b52f52bc5ba9feb026c0be600f8ac584fd12d187, and e1903358b2152f5d64a83e796bb776aba0d3628d) are affected. The vulnerability is specific to kernel builds that include the AMD GPU (amdgpu) driver with the vulnerable RAS header parsing code. The exact version ranges are not enumerated in the provided data, but the CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* indicates all versions are potentially affected unless patched. Users should verify their kernel version against the upstream git history referenced in the kernel security advisories.
Remediation
Apply the upstream Linux kernel patch by updating to a kernel version that includes one or more of the referenced commits (0479268fdfaaff6e15d69e8a8387410f36d1b793, 5df0d6addb7e9b6f71f7162d1253762a5be9138e, b52f52bc5ba9feb026c0be600f8ac584fd12d187, or e1903358b2152f5d64a83e796bb776aba0d3628d). Coordinate with your Linux distribution vendor to identify the specific kernel release version that includes these commits; patches are tracked in the upstream kernel source tree at https://git.kernel.org/stable/. Until a patched kernel can be deployed, restrict local system access to trusted users only and disable GPU RAS monitoring features if available in the driver configuration. Organizations running AMD GPU workloads should schedule kernel updates during the next maintenance window, prioritizing this after higher-risk CVE patches.