cve 2025 40310

CVE-2025-40310 is a Linux kernel vulnerability caused by a race condition between the AMDGPU driver and the AMD Kernel Fusion Driver (amdkfd) during device teardown and VM cleanup. This flaw can lead to redundant or concurrent release of a Process Address Space ID (PASID), resulting in deterministic kernel oopses and driver crashes that create a local denial-of-service condition. The upstream fix, which adjusts ownership and teardown ordering to ensure consistent PASID handling, has been merged into upstream and stable kernel branches. Distribution and vendor maintainers are carrying the patch forward. This tag covers discussion of the vulnerability, its impact, and the remediation efforts.