Impact
The flaw in the Linux kernel’s AMD KFD driver is an unchecked nattr field passed through the SVM ioctl: a user-controlled attribute count that is never validated against the size of the buffer that carries the attributes. The missing check permits out-of-bounds buffer access that can lead to memory corruption or data leakage and may crash the kernel; the CVE entry does not confirm privilege escalation. The patch adds a check that the attribute count does not exceed what the buffer can hold.
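An added illustration of the class of check the advisory describes, not the kernel's own code: a user-controlled count validated against the length of the buffer that carries it, with a constructed probe that feeds the handler mismatched counts. The struct layout, field names, SVM_EINVAL and the probe are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Illustrative model of the ioctl payload (not the kernel's definitions): a
 * fixed header carrying the user-controlled count nattr, then attrs[nattr]. */
struct svm_attr { uint32_t type; uint32_t value; };
struct svm_args { uint64_t start_addr, size; uint32_t op, nattr; struct svm_attr attrs[]; };
#define SVM_EINVAL (-22)
/* The missing check: do 'nattr' attributes fit in 'payload_len' bytes? Dividing
 * the available space, not multiplying the count, can never overflow. */
bool svm_nattr_fits(uint32_t nattr, size_t payload_len)
{
    if (payload_len < sizeof(struct svm_args)) return false;
    return (size_t)nattr <= (payload_len - sizeof(struct svm_args)) / sizeof(struct svm_attr);
}
/* Hardened handler: checks the count before walking attrs[]; returns attributes
 * processed or SVM_EINVAL. Without svm_nattr_fits() the loop would read past
 * the copied payload: the out-of-bounds access the advisory describes. */
int svm_handle(const uint8_t *payload, size_t payload_len)
{
    struct svm_args hdr;
    if (payload_len < sizeof hdr)
        return SVM_EINVAL;
    memcpy(&hdr, payload, sizeof hdr);
    if (!svm_nattr_fits(hdr.nattr, payload_len))
        return SVM_EINVAL;
    int processed = 0;
    for (uint32_t i = 0; i < hdr.nattr; i++) {
        struct svm_attr a;
        memcpy(&a, payload + sizeof hdr + i * sizeof a, sizeof a);
        processed += (a.type != 0);   /* stand-in for per-attribute handling */
    }
    return processed;
}
/* Constructed probe for testing: builds a payload holding 'have' real
 * attributes but 'claimed' in nattr, then hands it to the handler. */
int svm_probe(uint32_t claimed, uint32_t have)
{
    uint8_t buf[sizeof(struct svm_args) + 4 * sizeof(struct svm_attr)];
    struct svm_args hdr = { .start_addr = 0x1000, .size = 0x1000, .op = 1, .nattr = claimed };
    if (have > 4) return -1;            /* probe buffer limit, not a handler result */
    memcpy(buf, &hdr, sizeof hdr);
    for (uint32_t i = 0; i < have; i++) {
        struct svm_attr a = { .type = i + 1, .value = 7 };
        memcpy(buf + sizeof hdr + i * sizeof a, &a, sizeof a);
    }
    return svm_handle(buf, sizeof hdr + have * sizeof(struct svm_attr));
}
```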
Affected Systems
The vulnerability is present in all Linux kernel releases that include the amdkfd driver before the patch commit 5eca8bfdfa456c3304ca77523718fe24254c172f. Because the CVE does not list specific kernel versions, any distribution kernel that ships an unpatched amdkfd driver is potentially affected. Users should verify whether their running kernel includes the referenced commit.
Risk and Exploitability
Exploitation requires the ability to invoke the SVM ioctl through /dev/kfd, which is typically available only to privileged users or to those explicitly granted access to the device. The EPSS score of 0.00013 indicates a very low probability of exploitation at this time, and the vulnerability is not listed in CISA’s KEV catalog. The CVSS score of 7.8 rates the severity as high. The risk is primarily local and limited to systems that provide unfiltered access to /dev/kfd; administrators should apply the patch promptly to mitigate it.
OpenCVE Enrichment