Impact
In the Linux kernel’s AMDGPU driver, internal locking logic was incorrectly ordered, leading to potential race conditions and deadlocks. The code referenced in the CVE fix incorrectly held a reset semaphore while acquiring the mm_lock and performed copy_to_user operations under these locks, potentially allowing concurrent user requests to interfere with one another. Additionally, the use of down_read_trylock could let the reset finish without proper synchronization, exacerbating the race conditions. Together, these issues could let a local attacker cause the driver to become unresponsive or corrupt user memory, resulting in a denial of service.
Affected Systems
The flaw affects the Linux kernel’s AMDGPU driver across all versions that contain the buggy code prior to the commit "361b6e6b". The CNAs identify the affected product simply as the Linux kernel, so any distribution using a kernel build that contains the misordered lock logic is vulnerable until the patch is applied.
Risk and Exploitability
The CVSS score and EPSS value are not provided, and the vulnerability is not listed in the CISA KEV catalog. Because this is a kernel‑internal race/deadlock bug, exploitation would likely require privileged local access or direct interaction with the driver, making it less likely to be exploited remotely. However, any local attacker with sufficient privileges could trigger the race to destabilize the system or cause unhandled kernel failures. It is inferred that the primary attack vector is local kernel access, possibly via a privileged user; no public exploitation reports are known.