Linux Kernel EUVD-2026-25459

| CVE-2026-31566 HIGH
Use After Free (CWE-416)
2026-04-24 Linux GHSA-j5m6-wgmm-m7m9
Amd Information Disclosure Linux Memory Corruption Use After Free
7.8
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Re-analysis Queued
Apr 27, 2026 - 20:37 vuln.today
cvss_changed
Analysis Generated
Apr 27, 2026 - 15:30 vuln.today
CVSS changed
Apr 27, 2026 - 15:22 NVD
7.8 (HIGH)
Patch available
Apr 24, 2026 - 16:16 EUVD

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib

amdgpu_amdkfd_submit_ib() submits a GPU job and gets a fence from amdgpu_ib_schedule(). This fence is used to wait for job completion.

Currently, the code drops the fence reference using dma_fence_put() before calling dma_fence_wait().

If dma_fence_put() releases the last reference, the fence may be freed before dma_fence_wait() is called. This can lead to a use-after-free.

Fix this by waiting on the fence first and releasing the reference only after dma_fence_wait() completes.

Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c:697 amdgpu_amdkfd_submit_ib() warn: passing freed memory 'f' (line 696)

(cherry picked from commit 8b9e5259adc385b61a6590a13b82ae0ac2bd3482)

AnalysisAI

Use-after-free in Linux kernel AMD GPU driver allows local authenticated users to potentially execute arbitrary code, escalate privileges, or cause denial of service. The amdgpu_amdkfd_submit_ib() function in the AMD KFD (Kernel Fusion Driver) prematurely releases a DMA fence reference before waiting on it, creating a race condition where the fence memory may be freed before use. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Identify systems running Linux kernels 6.1.x through 7.0.x with AMD GPU drivers and document their criticality classification. Within 7 days: Apply vendor-released patches (upgrade to kernel 6.1.168, 6.6.131, 6.12.80, 6.18.21, 6.19.11, or 7.0 and later as applicable) on all non-production systems and begin staged deployment to production. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

More from same product – last 7 days

CVE-2026-31669 CRITICAL
9.8 Apr 24

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in __inet_lookup_est
CVE-2026-31649 CRITICAL
9.8 Apr 24

Integer underflow in Linux kernel stmmac network driver allows kernel memory disclosure and potential corruption via cra
CVE-2026-31657 CRITICAL
9.8 Apr 24

Use-after-free in Linux kernel batman-adv (B.A.T.M.A.N. Advanced mesh networking) allows remote network attackers to tri
CVE-2026-31659 CRITICAL
9.8 Apr 24

In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject oversized global TT response buf
CVE-2026-31668 CRITICAL
9.8 Apr 24

In the Linux kernel, the following vulnerability has been resolved: seg6: separate dst_cache for input and output paths

Share

EUVD-2026-25459 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy