CVE-2025-38598

{"id": "CVE-2025-38598", "cveTags": [], "metrics": {}, "published": "2025-08-19T17:15:37.753", "references": [{"url": "https://git.kernel.org/stable/c/96f663ae897b3e6ac17ced1d9b9c2ae9f165ad9a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a886d26f2c8f9e3f3c1869ae368d09c75daac553", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix use-after-free in amdgpu_userq_suspend+0x51a/0x5a0\n\n[ +0.000020] BUG: KASAN: slab-use-after-free in amdgpu_userq_suspend+0x51a/0x5a0 [amdgpu]\n[ +0.000817] Read of size 8 at addr ffff88812eec8c58 by task amd_pci_unplug/1733\n\n[ +0.000027] CPU: 10 UID: 0 PID: 1733 Comm: amd_pci_unplug Tainted: G W 6.14.0+ #2\n[ +0.000009] Tainted: [W]=WARN\n[ +0.000003] Hardware name: ASUS System Product Name/ROG STRIX B550-F GAMING (WI-FI), BIOS 1401 12/03/2020\n[ +0.000004] Call Trace:\n[ +0.000004] <TASK>\n[ +0.000003] dump_stack_lvl+0x76/0xa0\n[ +0.000011] print_report+0xce/0x600\n[ +0.000009] ? srso_return_thunk+0x5/0x5f\n[ +0.000006] ? kasan_complete_mode_report_info+0x76/0x200\n[ +0.000007] ? kasan_addr_to_slab+0xd/0xb0\n[ +0.000006] ? amdgpu_userq_suspend+0x51a/0x5a0 [amdgpu]\n[ +0.000707] kasan_report+0xbe/0x110\n[ +0.000006] ? amdgpu_userq_suspend+0x51a/0x5a0 [amdgpu]\n[ +0.000541] __asan_report_load8_noabort+0x14/0x30\n[ +0.000005] amdgpu_userq_suspend+0x51a/0x5a0 [amdgpu]\n[ +0.000535] ? stop_cpsch+0x396/0x600 [amdgpu]\n[ +0.000556] ? stop_cpsch+0x429/0x600 [amdgpu]\n[ +0.000536] ? __pfx_amdgpu_userq_suspend+0x10/0x10 [amdgpu]\n[ +0.000536] ? srso_return_thunk+0x5/0x5f\n[ +0.000004] ? kgd2kfd_suspend+0x132/0x1d0 [amdgpu]\n[ +0.000542] amdgpu_device_fini_hw+0x581/0xe90 [amdgpu]\n[ +0.000485] ? down_write+0xbb/0x140\n[ +0.000007] ? __mutex_unlock_slowpath.constprop.0+0x317/0x360\n[ +0.000005] ? __pfx_amdgpu_device_fini_hw+0x10/0x10 [amdgpu]\n[ +0.000482] ? __kasan_check_write+0x14/0x30\n[ +0.000004] ? srso_return_thunk+0x5/0x5f\n[ +0.000004] ? up_write+0x55/0xb0\n[ +0.000007] ? srso_return_thunk+0x5/0x5f\n[ +0.000005] ? blocking_notifier_chain_unregister+0x6c/0xc0\n[ +0.000008] amdgpu_driver_unload_kms+0x69/0x90 [amdgpu]\n[ +0.000484] amdgpu_pci_remove+0x93/0x130 [amdgpu]\n[ +0.000482] pci_device_remove+0xae/0x1e0\n[ +0.000008] device_remove+0xc7/0x180\n[ +0.000008] device_release_driver_internal+0x3d4/0x5a0\n[ +0.000007] device_release_driver+0x12/0x20\n[ +0.000004] pci_stop_bus_device+0x104/0x150\n[ +0.000006] pci_stop_and_remove_bus_device_locked+0x1b/0x40\n[ +0.000005] remove_store+0xd7/0xf0\n[ +0.000005] ? __pfx_remove_store+0x10/0x10\n[ +0.000006] ? __pfx__copy_from_iter+0x10/0x10\n[ +0.000006] ? __pfx_dev_attr_store+0x10/0x10\n[ +0.000006] dev_attr_store+0x3f/0x80\n[ +0.000006] sysfs_kf_write+0x125/0x1d0\n[ +0.000004] ? srso_return_thunk+0x5/0x5f\n[ +0.000005] ? __kasan_check_write+0x14/0x30\n[ +0.000005] kernfs_fop_write_iter+0x2ea/0x490\n[ +0.000005] ? rw_verify_area+0x70/0x420\n[ +0.000005] ? __pfx_kernfs_fop_write_iter+0x10/0x10\n[ +0.000006] vfs_write+0x90d/0xe70\n[ +0.000005] ? srso_return_thunk+0x5/0x5f\n[ +0.000005] ? __pfx_vfs_write+0x10/0x10\n[ +0.000004] ? local_clock+0x15/0x30\n[ +0.000008] ? srso_return_thunk+0x5/0x5f\n[ +0.000004] ? __kasan_slab_free+0x5f/0x80\n[ +0.000005] ? srso_return_thunk+0x5/0x5f\n[ +0.000004] ? __kasan_check_read+0x11/0x20\n[ +0.000004] ? srso_return_thunk+0x5/0x5f\n[ +0.000004] ? fdget_pos+0x1d3/0x500\n[ +0.000007] ksys_write+0x119/0x220\n[ +0.000005] ? putname+0x1c/0x30\n[ +0.000006] ? __pfx_ksys_write+0x10/0x10\n[ +0.000007] __x64_sys_write+0x72/0xc0\n[ +0.000006] x64_sys_call+0x18ab/0x26f0\n[ +0.000006] do_syscall_64+0x7c/0x170\n[ +0.000004] ? srso_return_thunk+0x5/0x5f\n[ +0.000004] ? __pfx___x64_sys_openat+0x10/0x10\n[ +0.000006] ? srso_return_thunk+0x5/0x5f\n[ +0.000004] ? __kasan_check_read+0x11/0x20\n[ +0.000003] ? srso_return_thunk+0x5/0x5f\n[ +0.000004] ? fpregs_assert_state_consistent+0x21/0xb0\n[ +0.000006] ? srso_return_thunk+0x5/0x5f\n[ +0.000004] ? syscall_exit_to_user_mode+0x4e/0x240\n[ +0.000005] ? srso_return_thunk+0x5/0x5f\n[ +0.000004] ? do_syscall_64+0x88/0x170\n[ +0.000003] ? srso_return_thunk+0x5/0x5f\n[ +0.000004] ? irqentry_exit+0x43/0x50\n[ +0.000004] ? srso_return_thunk+0x5\n---truncated---"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: correcci\u00f3n del use-after-free en amdgpu_userq_suspend+0x51a/0x5a0 [ +0.000020] ERROR: KASAN: slab-use-after-free in amdgpu_userq_suspend+0x51a/0x5a0 [amdgpu] [ +0.000817] Read of size 8 at addr ffff88812eec8c58 by task amd_pci_unplug/1733 [ +0.000027] CPU: 10 UID: 0 PID: 1733 Comm: amd_pci_unplug Tainted: G W 6.14.0+ #2 [ +0.000009] Tainted: [W]=WARN [ +0.000003] Hardware name: ASUS System Product Name/ROG STRIX B550-F GAMING (WI-FI), BIOS 1401 12/03/2020 [ +0.000004] Call Trace: [ +0.000004] [ +0.000003] dump_stack_lvl+0x76/0xa0 [ +0.000011] print_report+0xce/0x600 [ +0.000009] ? srso_return_thunk+0x5/0x5f [ +0.000006] ? kasan_complete_mode_report_info+0x76/0x200 [ +0.000007] ? kasan_addr_to_slab+0xd/0xb0 [ +0.000006] ? amdgpu_userq_suspend+0x51a/0x5a0 [amdgpu] [ +0.000707] kasan_report+0xbe/0x110 [ +0.000006] ? amdgpu_userq_suspend+0x51a/0x5a0 [amdgpu] [ +0.000541] __asan_report_load8_noabort+0x14/0x30 [ +0.000005] amdgpu_userq_suspend+0x51a/0x5a0 [amdgpu] [ +0.000535] ? stop_cpsch+0x396/0x600 [amdgpu] [ +0.000556] ? stop_cpsch+0x429/0x600 [amdgpu] [ +0.000536] ? __pfx_amdgpu_userq_suspend+0x10/0x10 [amdgpu] [ +0.000536] ? srso_return_thunk+0x5/0x5f [ +0.000004] ? kgd2kfd_suspend+0x132/0x1d0 [amdgpu] [ +0.000542] amdgpu_device_fini_hw+0x581/0xe90 [amdgpu] [ +0.000485] ? down_write+0xbb/0x140 [ +0.000007] ? __mutex_unlock_slowpath.constprop.0+0x317/0x360 [ +0.000005] ? __pfx_amdgpu_device_fini_hw+0x10/0x10 [amdgpu] [ +0.000482] ? __kasan_check_write+0x14/0x30 [ +0.000004] ? srso_return_thunk+0x5/0x5f [ +0.000004] ? up_write+0x55/0xb0 [ +0.000007] ? srso_return_thunk+0x5/0x5f [ +0.000005] ? blocking_notifier_chain_unregister+0x6c/0xc0 [ +0.000008] amdgpu_driver_unload_kms+0x69/0x90 [amdgpu] [ +0.000484] amdgpu_pci_remove+0x93/0x130 [amdgpu] [ +0.000482] pci_device_remove+0xae/0x1e0 [ +0.000008] device_remove+0xc7/0x180 [ +0.000008] device_release_driver_internal+0x3d4/0x5a0 [ +0.000007] device_release_driver+0x12/0x20 [ +0.000004] pci_stop_bus_device+0x104/0x150 [ +0.000006] pci_stop_and_remove_bus_device_locked+0x1b/0x40 [ +0.000005] remove_store+0xd7/0xf0 [ +0.000005] ? __pfx_remove_store+0x10/0x10 [ +0.000006] ? __pfx__copy_from_iter+0x10/0x10 [ +0.000006] ? __pfx_dev_attr_store+0x10/0x10 [ +0.000006] dev_attr_store+0x3f/0x80 [ +0.000006] sysfs_kf_write+0x125/0x1d0 [ +0.000004] ? srso_return_thunk+0x5/0x5f [ +0.000005] ? __kasan_check_write+0x14/0x30 [ +0.000005] kernfs_fop_write_iter+0x2ea/0x490 [ +0.000005] ? rw_verify_area+0x70/0x420 [ +0.000005] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ +0.000006] vfs_write+0x90d/0xe70 [ +0.000005] ? srso_return_thunk+0x5/0x5f [ +0.000005] ? __pfx_vfs_write+0x10/0x10 [ +0.000004] ? local_clock+0x15/0x30 [ +0.000008] ? srso_return_thunk+0x5/0x5f [ +0.000004] ? __kasan_slab_free+0x5f/0x80 [ +0.000005] ? srso_return_thunk+0x5/0x5f [ +0.000004] ? __kasan_check_read+0x11/0x20 [ +0.000004] ? srso_return_thunk+0x5/0x5f [ +0.000004] ? fdget_pos+0x1d3/0x500 [ +0.000007] ksys_write+0x119/0x220 [ +0.000005] ? putname+0x1c/0x30 [ +0.000006] ? __pfx_ksys_write+0x10/0x10 [ +0.000007] __x64_sys_write+0x72/0xc0 [ +0.000006] x64_sys_call+0x18ab/0x26f0 [ +0.000006] do_syscall_64+0x7c/0x170 [ +0.000004] ? srso_return_thunk+0x5/0x5f [ +0.000004] ? __pfx___x64_sys_openat+0x10/0x10 [ +0.000006] ? srso_return_thunk+0x5/0x5f [ +0.000004] ? __kasan_check_read+0x11/0x20 [ +0.000003] ? srso_return_thunk+0x5/0x5f [ +0.000004] ? fpregs_assert_state_consistent+0x21/0xb0 [ +0.000006] ? srso_return_thunk+0x5/0x5f [ +0.000004] ? syscall_exit_to_user_mode+0x4e/0x240 [ +0.000005] ? srso_return_thunk+0x5/0x5f [ +0.000004] ? do_syscall_64+0x88/0x170 [ +0.000003] ? srso_return_thunk+0x5/0x5f [ +0.000004] ? irqentry_exit+0x43/0x50 [ +0.000004] ? srso_return_thunk+0x5 ---truncado---"}], "lastModified": "2025-08-20T14:40:17.713", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}