摘要:
In the Linux kernel, the following vulnerability has been resolved:
amdkfd: properly free gang_ctx_bo when failed to init user queue
The destructor of a gtt bo is declared as
void amdgpu_amdkfd_free_gtt_mem(struct amdgpu_device *adev, void **mem_obj);
Which takes void** as the second parameter.
GCC allows passing void* to the function because void* can be implicitly
casted to any other types, so it can pass compiling.
However, passing this void* parameter into the function's
execution process(which expects void** and dereferencing void**)
will result in errors.
安全等级: Low
公告ID: KylinSec-SA-2025-1801
发布日期: 2025年4月7日
关联CVE: CVE-2025-21842
In the Linux kernel, the following vulnerability has been resolved:
amdkfd: properly free gang_ctx_bo when failed to init user queue
The destructor of a gtt bo is declared as
void amdgpu_amdkfd_free_gtt_mem(struct amdgpu_device *adev, void **mem_obj);
Which takes void** as the second parameter.
GCC allows passing void* to the function because void* can be implicitly
casted to any other types, so it can pass compiling.
However, passing this void* parameter into the function's
execution process(which expects void** and dereferencing void**)
will result in errors.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2025-21842 | KY3.4-5 | kernel | Unaffected |
| CVE-2025-21842 | V6 | kernel | Unaffected |
