CVE-2025-38603

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A slab-use-after-free issue was identified in the amdgpu user queue manager (amdgpu userq mgr fini()) within the kernel's DRM subsystem. The vulnerability occurs when memory is freed in amdgpu driver postclose kms() and subsequently accessed in amdgpu drm release(). This was reproduced on NV10 using the IGT pci unplug test, triggering a KASAN detected use-after-free condition. The fix involves moving the calls to amdgpu eviction fence destroy() and amdgpu userq mgr fini() into amdgpu driver postclose kms() to ensure they are invoked before the associated memory is freed, improving resource management consistency.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.