CVE-2025-38362
BaseFortify
Publication date: 2025-07-25
Last updated on: 2025-12-16
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.8 (inc) to 5.15.187 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.143 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.96 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.36 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.15.5 (exc) |
| debian | debian_linux | 11.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's AMD display driver where the function mod_hdcp_hdcp1_enable_encryption() calls get_first_active_display() without checking if it returns a null pointer. If the display list is empty, get_first_active_display() returns null, leading to a null pointer dereference in mod_hdcp_hdcp2_enable_encryption(). The fix adds a null pointer check and returns an error status if no active display is found.
How can this vulnerability impact me? :
The vulnerability can cause a null pointer dereference, which may lead to a kernel crash or system instability when the display list is empty. This could result in denial of service or unexpected behavior in systems using the affected Linux kernel AMD display driver.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch or update to the fixed version of the Linux kernel that includes the null pointer check for get_first_active_display() in the drm/amd/display driver. This prevents the null pointer dereference by ensuring the function mod_hdcp_hdcp1_enable_encryption() properly handles the case when no active display is found.