{"id":"CVE-2025-40191","summary":"drm/amdkfd: Fix kfd process ref leaking when userptr unmapping","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix kfd process ref leaking when userptr unmapping\n\nkfd_lookup_process_by_pid hold the kfd process reference to ensure it\ndoesn't get destroyed while sending the segfault event to user space.\n\nCalling kfd_lookup_process_by_pid as function parameter leaks the kfd\nprocess refcount and miss the NULL pointer check if app process is\nalready destroyed.","modified":"2026-04-02T12:48:19.234770Z","published":"2025-11-12T21:56:31.206Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40191.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/58e6fc2fb94f0f409447e5d46cf6a417b6397fbc"},{"type":"WEB","url":"https://git.kernel.org/stable/c/60f6112fc9b3ba0eae519f10702c0c13bab45742"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40191.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-40191"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"2d274bf7099bc5e95fabaa93f23d0eb2977187ad"},{"fixed":"60f6112fc9b3ba0eae519f10702c0c13bab45742"},{"fixed":"58e6fc2fb94f0f409447e5d46cf6a417b6397fbc"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40191.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.16.0"},{"fixed":"6.17.4"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40191.json"}}],"schema_version":"1.7.5"}