CVE-2025-38080
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-11-14
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's AMD display driver where the block_sequence array size was too small. Specifically, the hwss_build_fast_sequence function can generate more than 50 steps, such as on a 6-pipe ASIC with all pipes in one MPC chain, which causes the block_sequence buffer to overflow and corrupt block_sequence_steps, leading to a crash. The fix was to increase the block_sequence array size from 50 to 100 to safely accommodate up to 91 steps.
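The sizing problem described above, as an added example that is not the kernel's code: a simplified model in which the step counter sits directly after a fixed-size step array, with a bounds-checked append that reports steps that do not fit instead of writing past the end. The struct layouts, `struct step`, `add_step` and `build` are assumptions for illustration; only the sizes 50 and 100, the 91-step worst case and the names `block_sequence` and `block_sequence_steps` come from the description.

```c
#include <stdio.h>
#include <stddef.h>

#define OLD_STEPS 50        /* array size before the fix (from the page) */
#define NEW_STEPS 100       /* array size after the fix (from the page) */
#define WORST_CASE_STEPS 91 /* largest step count the page cites */

struct step { int func; int pipe; };   /* hypothetical step record */

/* Simplified layouts (assumed): the counter sits right after the array,
 * so an unchecked write past the last element would land on it. */
struct old_state { struct step block_sequence[OLD_STEPS]; unsigned int block_sequence_steps; };
struct new_state { struct step block_sequence[NEW_STEPS]; unsigned int block_sequence_steps; };

/* Append one step; refuse (return -1) instead of writing past the array. */
static int add_step(struct step *seq, size_t cap, unsigned int *count, int func, int pipe)
{
    if (*count >= cap)
        return -1;
    seq[*count].func = func;
    seq[*count].pipe = pipe;
    (*count)++;
    return 0;
}

/* Request `wanted` steps; return how many did not fit. */
static unsigned int build(struct step *seq, size_t cap, unsigned int *count, unsigned int wanted)
{
    unsigned int rejected = 0;
    *count = 0;
    for (unsigned int i = 0; i < wanted; i++)
        if (add_step(seq, cap, count, (int)i, (int)(i % 6)) != 0)
            rejected++;
    return rejected;
}

unsigned int old_rejected(void)
{
    struct old_state s;
    return build(s.block_sequence, OLD_STEPS, &s.block_sequence_steps, WORST_CASE_STEPS);
}

unsigned int new_rejected(void)
{
    struct new_state s;
    return build(s.block_sequence, NEW_STEPS, &s.block_sequence_steps, WORST_CASE_STEPS);
}

int main(void)
{
    printf("50-slot array: %u steps rejected\n", old_rejected());
    printf("100-slot array: %u steps rejected\n", new_rejected());
    return 0;
}
```

With the 50-slot array, 41 of the 91 requested steps have nowhere to go; in the model, each one would have been written over `block_sequence_steps` and beyond if `add_step` did not check the capacity.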
How can this vulnerability impact me?
This vulnerability can cause a crash in the Linux kernel's AMD display driver due to buffer overflow and corruption of block_sequence_steps. This could lead to system instability or denial of service on affected systems using the vulnerable driver.
What immediate steps should I take to mitigate this vulnerability?
Update the Linux kernel to a version where the drm/amd/display component has been patched to increase the block_sequence array size to 100, preventing buffer overflow and crashes caused by hwss_build_fast_sequence generating more than 50 steps.