Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Local GPU-capable user (AV:L/PR:L), no interaction (UI:N); OOB read leaks kernel GTT memory and OOB write corrupts it, giving high C/I/A.
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
9DescriptionNVD
In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: Fix buffer overflow in SDMA queue checkpoint/restore on GFX11
The v11 MQD manager incorrectly assigned the CP-compute variants of checkpoint_mqd/restore_mqd for KFD_MQD_TYPE_SDMA queues. These functions use sizeof(struct v11_compute_mqd) (2048 bytes) instead of sizeof(struct v11_sdma_mqd) (512 bytes), causing a 1536-byte overflow.
During CRIU checkpoint of an SDMA queue on Navi3x:
- checkpoint_mqd() reads 2048 bytes from a 512-byte SDMA MQD buffer,
leaking 1536 bytes of adjacent GTT memory to userspace
During CRIU restore:
- restore_mqd() writes 2048 bytes into a 512-byte SDMA MQD buffer,
corrupting 1536 bytes of adjacent GTT memory (often the ring buffer or neighboring MQDs)
This is a copy-paste regression unique to v11. All other ASIC backends (cik, vi, v9, v10, v12) correctly use the SDMA-specific variants.
Add checkpoint_mqd_sdma() and restore_mqd_sdma() functions that properly handle the smaller v11_sdma_mqd structure, matching the pattern used in other MQD managers.
(cherry picked from commit 6fa41db7ffdec97d62433adf03b7b9b759af8c2c)
AnalysisAI
Local information disclosure and memory corruption in the Linux kernel's AMD KFD (amdkfd) driver affects GFX11/Navi3x GPUs, where the v11 MQD manager wrongly used CP-compute checkpoint/restore handlers for SDMA queues. During a CRIU checkpoint or restore of an SDMA queue, the driver treats a 512-byte v11_sdma_mqd buffer as a 2048-byte v11_compute_mqd, so it either leaks 1536 bytes of adjacent GTT memory to userspace or overwrites 1536 bytes of neighboring GTT memory (ring buffers or adjacent MQDs). …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires local access to a host with an AMD GFX11/Navi3x (RDNA3) GPU and the ability to run a GPU compute workload that creates a KFD_MQD_TYPE_SDMA queue, then to trigger a CRIU checkpoint (for the 1536-byte GTT memory-disclosure read) or a CRIU restore of an attacker-influenced image (for the 1536-byte GTT out-of-bounds write). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | This is a genuine memory-safety bug but a modest real-world priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A local low-privileged user on a workstation or GPU node fitted with a Navi3x/RDNA3 card starts a compute process that creates an SDMA queue, then invokes a CRIU checkpoint; the driver reads 2048 bytes from the 512-byte MQD and returns 1536 bytes of adjacent GTT memory into the userspace checkpoint image, disclosing kernel-managed data. Conversely, crafting a CRIU restore image causes restore_mqd() to write 2048 bytes into the 512-byte buffer, corrupting neighboring ring buffers or MQDs for a denial of service or potential further manipulation. … |
| Remediation | Vendor-released patch: update to a fixed stable kernel - 6.6.143, 6.12.94, 7.0.13, or 6.18.36 (or 7.1 mainline), whichever matches your branch - which adds dedicated checkpoint_mqd_sdma() and restore_mqd_sdma() functions that use the correct 512-byte v11_sdma_mqd size. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory systems running GFX11/Navi3x AMD GPUs with Linux kernel. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Checkpoint
View allbackend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to e
The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data
PyTorch is a Python package that provides tensor computation. [CVSS 8.8 HIGH]
Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. Rated high sever
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the inte
Remote code execution in PyTorch Lightning through 2.6.5 allows an attacker who can get a victim to load a malicious che
Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH lo
A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security clien
Multiple unspecified vulnerabilities in Check Point Security Gateway 80 R71.x before R71.45 (730159141) and R75.20.x bef
Arbitrary code execution via torch-checkpoint-shrink.py script in ml-engineering project allows remote attackers to exec
Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without us
Arbitrary code execution in Snorkel machine learning library (≤v0.10.0) occurs when users load malicious model checkpoin
Same weakness CWE-131 – Incorrect Calculation of Buffer Size
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39234
GHSA-c92m-wmf9-qxfw