CVE-2025-39705
BaseFortify
Publication date: 2025-09-05
Last updated on: 2025-11-25
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a null pointer dereference in the AMD display driver within the Linux kernel. It occurs in the dc_destruct() cleanup function when the display control context (dc->ctx) fails to be constructed due to memory allocation failure and remains NULL. Later, during error handling, the code attempts to access a member (perf_trace) of this NULL pointer without checking if dc->ctx is non-NULL, causing a kernel crash.
How can this vulnerability impact me? :
This vulnerability can cause the Linux kernel to crash due to a null pointer dereference in the AMD display driver. Such a crash can lead to system instability, denial of service, or unexpected reboots, potentially disrupting normal operations on affected systems.
What immediate steps should I take to mitigate this vulnerability?
Apply the updated Linux kernel patch that fixes the null pointer dereference in the AMD display driver's dc_destruct() function by adding a NULL check before dereferencing dc->ctx->perf_trace. Until the patch is applied, avoid triggering conditions that cause display control context construction failures, if possible.