CVE-2025-21990 in Linux
Summary
by MITRE • 04/02/2025
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: NULL-check BO's backing store when determining GFX12 PTE flags
PRT BOs may not have any backing store, so bo->tbo.resource will be NULL. Check for that before dereferencing.
(cherry picked from commit 3e3fcd29b505cebed659311337ea03b7698767fc)
Analysis
by VulDB Data Team • 02/16/2026
The vulnerability identified as CVE-2025-21990 affects the Linux kernel's graphics driver subsystem, specifically the amdgpu driver component responsible for managing AMD graphics processing units. The issue resides in the graphics memory management code where the driver determines page table entry (PTE) flags for GFX12 architecture GPUs during memory allocation operations. The flaw manifests when processing pre-reserved texture (PRT) buffer objects that may not possess any backing storage, creating a potential null pointer dereference condition that could lead to system instability or privilege escalation.
The technical root cause stems from inadequate null pointer validation within the graphics memory management code path. When the driver processes buffer objects for GFX12 GPUs, it attempts to access the backing store resource through the bo->tbo.resource pointer without first verifying whether this pointer contains a valid memory reference. In certain scenarios involving PRT buffer objects, this resource pointer can legitimately be NULL, yet the code proceeds to dereference it without proper validation, resulting in a kernel memory access violation that may crash the system or allow unauthorized code execution.
This vulnerability operates at the kernel level within the Direct Rendering Manager (DRM) subsystem, which serves as the primary interface for graphics hardware management in Linux systems. The impact extends beyond simple system crashes to potentially enable privilege escalation: the ATT&CK framework catalogs privilege escalation techniques in which kernel-level memory corruption is leveraged to gain elevated system privileges. The CWE-476 classification applies directly to this issue, as it represents a null pointer dereference in kernel space memory management operations.
The operational impact of this vulnerability affects systems running Linux kernels with AMD GPU support, particularly those utilizing GFX12 architecture graphics processors. Systems that frequently allocate and manage graphics buffer objects, including gaming platforms, workstation environments, and server configurations with GPU acceleration, face potential exposure. The vulnerability can be triggered through normal graphics operations involving buffer object allocation and memory management, making it particularly concerning for production environments where system stability and security are paramount. Attackers could exploit this through crafted graphics applications or by leveraging existing graphics drivers to execute malicious code with kernel privileges.
Mitigation strategies should prioritize immediate kernel updates from the vendor to address the null pointer dereference condition. System administrators should implement comprehensive patch management procedures to ensure all affected systems receive the security fix promptly. Additional protective measures include monitoring system logs for kernel oops or memory access violation events that may indicate exploitation attempts. The fix implemented in the kernel includes proper null pointer validation before accessing buffer object resource pointers, aligning with secure coding practices recommended by the CERT/CC and other security organizations for preventing kernel-level memory corruption vulnerabilities. Organizations should also consider implementing runtime protections such as kernel address space layout randomization and stack canaries to further reduce exploitability.
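As an added illustration of the root cause and the fix described above (constructed for this note, not code from the kernel or from VulDB), the following C model contrasts the unchecked dereference with the null-checked form. The struct definitions, the `MEM_*` types and the `PTE_*` flag bits are simplified assumptions; only the shape of the check mirrors the real change.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed, simplified stand-ins for the kernel structures; only the
 * fields the bug touches are modelled. Real names and layouts differ. */
enum mem_type { MEM_SYSTEM = 1, MEM_VRAM = 2 };

struct ttm_resource { enum mem_type mem_type; };

/* resource is NULL for a PRT buffer object that has no backing store */
struct ttm_buffer_object { struct ttm_resource *resource; };

struct amdgpu_bo { struct ttm_buffer_object tbo; };

#define PTE_VALID  (1ULL << 0)   /* hypothetical flag bits */
#define PTE_SYSTEM (1ULL << 1)

/* Vulnerable pattern (CWE-476): reads bo->tbo.resource->mem_type without
 * checking that the backing store exists. A PRT BO with resource == NULL
 * turns this into a kernel null pointer dereference. */
uint64_t get_pte_flags_unchecked(const struct amdgpu_bo *bo)
{
    uint64_t flags = PTE_VALID;

    if (bo->tbo.resource->mem_type == MEM_SYSTEM)  /* NULL deref for PRT BO */
        flags |= PTE_SYSTEM;
    return flags;
}

/* Fixed pattern: treat "no backing store" as "not system memory" and only
 * touch mem_type when the resource pointer is non-NULL. */
uint64_t get_pte_flags_checked(const struct amdgpu_bo *bo)
{
    uint64_t flags = PTE_VALID;
    bool is_system = bo->tbo.resource &&
                     bo->tbo.resource->mem_type == MEM_SYSTEM;

    if (is_system)
        flags |= PTE_SYSTEM;
    return flags;
}
```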