CVE-2025-38254
BaseFortify
Publication date: 2025-07-09
Last updated on: 2025-11-19
Assigner: kernel.org
Description
CVSS Scores
EPSS Scores
| EPSS | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| NVD-CWE-noinfo | Insufficient Information |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's drm/amd/display driver, which did not validate the EDID data it obtains from drm_edid_raw(). That call may return NULL, which the driver then dereferences (a kernel Oops), or it may return an EDID longer than the fixed-size buffer the driver copies it into, which can corrupt memory. The oversized case was observed with a faulty adapter. The fix adds sanity checks for both conditions and returns the error code EDID_BAD_INPUT when the data is invalid.
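The two checks the fix adds, written out as an added example that is not the kernel's own code: `struct edid` here is a minimal stand-in that only models the extension-count byte, `struct sink_edid` and `EXAMPLE_RAW_EDID_SIZE` are assumed sizes for the fixed destination buffer, and `make_edid` builds constructed input so the block runs offline.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed sizes for this example: one EDID block is 128 bytes (as in the
 * real format) and the sink-side raw buffer holds at most four blocks. */
#define EDID_LENGTH 128
#define EXAMPLE_RAW_EDID_SIZE (4 * EDID_LENGTH)

enum edid_result { EDID_OK = 0, EDID_BAD_INPUT = 1 };

/* Minimal stand-in for the kernel's struct edid: byte 126 of the 128-byte
 * base block is the count of extension blocks that follow it. */
struct edid {
    uint8_t header[8];
    uint8_t body[118];
    uint8_t extensions;
    uint8_t checksum;
};

/* Fixed-size destination, modelled on a sink's raw EDID array (assumed). */
struct sink_edid {
    size_t length;
    uint8_t raw_edid[EXAMPLE_RAW_EDID_SIZE];
};

/* Hardened copy. Without the two checks, a NULL edid is dereferenced (Oops)
 * and an edid whose declared block count exceeds the buffer overruns raw_edid. */
enum edid_result copy_edid_checked(const struct edid *edid, struct sink_edid *sink)
{
    size_t total;

    if (!edid)
        return EDID_BAD_INPUT;
    /* The size is derived from a byte the display supplies, so bound it first. */
    total = ((size_t)edid->extensions + 1) * EDID_LENGTH;
    if (total > sizeof(sink->raw_edid))
        return EDID_BAD_INPUT;
    memcpy(sink->raw_edid, edid, total);
    sink->length = total;
    return EDID_OK;
}

/* Constructed test input: fill the base block with the EDID magic header and
 * the requested extension count. buf must hold at least EDID_LENGTH bytes. */
const struct edid *make_edid(uint8_t *buf, size_t buflen, uint8_t extensions)
{
    static const uint8_t magic[8] = {0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00};

    if (buflen < EDID_LENGTH)
        return NULL;
    memset(buf, 0, buflen);
    memcpy(buf, magic, sizeof magic);
    buf[126] = extensions;
    return (const struct edid *)buf;
}

/* Runs the three cases the advisory describes; returns how many behaved as
 * the hardened code should (3 when everything is correct). */
int check_scenarios(void)
{
    static uint8_t buf[2 * EDID_LENGTH];
    struct sink_edid sink;
    int ok = 0;

    /* 1. NULL from the EDID reader: must be rejected, not dereferenced. */
    ok += copy_edid_checked(NULL, &sink) == EDID_BAD_INPUT;
    /* 2. Base block plus one extension: 256 bytes, fits, copied. */
    ok += copy_edid_checked(make_edid(buf, sizeof buf, 1), &sink) == EDID_OK
          && sink.length == 2 * EDID_LENGTH;
    /* 3. Declared 255 extensions (32 KiB total): exceeds raw_edid, rejected. */
    ok += copy_edid_checked(make_edid(buf, sizeof buf, 0xFF), &sink) == EDID_BAD_INPUT;
    return ok;
}

int main(void)
{
    printf("%d of 3 scenarios handled correctly\n", check_scenarios());
    return 0;
}
```

The length check uses the extension-count byte because that is the only length information an EDID carries; a driver that copies into a fixed array has to derive the byte count from it and compare against the array size before the memcpy, which is the pattern the fix introduces.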
How can this vulnerability impact me?
This vulnerability can cause system instability or crashes due to NULL pointer dereferences, and it may also lead to memory corruption, which could be exploited to execute arbitrary code or cause denial of service. The impact arises when the system interacts with a bad adapter that provides malformed EDID data.