CVE-2025-38361
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check dce_hwseq before dereferencing it [WHAT] hws was checked for null earlier in dce110_blank_stream, indicating hws can be null, and should be checked whenever it is used. (cherry picked from commit 79db43611ff61280b6de58ce1305e0b2ecf675ad)
Analysis
A null pointer dereference vulnerability exists in the AMD display driver within the Linux kernel, where the dce_hwseq structure is accessed without proper null checking in the dce110_blank_stream function. The vulnerability affects Linux kernel versions up to 6.16-rc2 and could allow a local attacker with low privileges to cause a system crash or potentially execute arbitrary code with kernel privileges. With an EPSS score of only 0.02% and no known active exploitation, this represents a low real-world risk despite the high CVSS score.
Technical Context
The vulnerability occurs in the AMD display driver's hardware sequencer code, specifically in the dce110_blank_stream function, which handles display blanking operations for DCE 11.0 (Display Controller Engine) hardware. The affected products are Linux kernel versions ranging from earlier releases up through 6.16-rc2, as indicated by the CPE entries cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* and cpe:2.3:o:linux:linux_kernel:6.16:rc1/rc2:*:*:*:*:*:*. The issue stems from inconsistent null pointer checking: while the hws (hardware sequencer) pointer is checked for null early in the function, subsequent dereferences of this pointer occur without validation, creating a potential null pointer dereference condition.
Affected Products
The vulnerability affects the Linux kernel from unspecified earlier versions through 6.16-rc2, specifically impacting systems using AMD graphics hardware with DCE 11.0 display controllers. Based on the CPE data (cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* and cpe:2.3:o:linux:linux_kernel:6.16:rc1/rc2:*:*:*:*:*:*), all Linux kernel versions prior to the fix are potentially affected. The issue is specifically present in the AMD display driver code path, meaning systems without AMD graphics or not using the amdgpu driver are not affected.
Remediation
Apply the available kernel patches referenced in the git.kernel.org commits: 5e1482ae14b03b9fca73ef5afea26ede683f4450, 60e450eec5d63113c6ad5c456ce64c12b4496a6e, b669507b637eb6b1aaecf347f193efccc65d756e, df11bf0ef795b6d415c4d8ee54fa3f2105e75bcb, and e881b82f5d3d8d54d168cd276169f0fee01bf0e7. These patches add proper null checking before dereferencing the dce_hwseq pointer. For systems that cannot be immediately patched, consider restricting local access to trusted users only and monitoring for unexpected kernel crashes that could indicate exploitation attempts. The cherry-picked fix from commit 79db43611ff61280b6de58ce1305e0b2ecf675ad ensures the hardware sequencer pointer is validated before use.
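The crash monitoring suggested above, as an added example (not part of the advisory or of the kernel project): a Python triage helper that scans kernel log text for NULL pointer dereference oopses whose faulting function or call trace includes dce110_blank_stream. It assumes the x86-64 oops layout; the sample log, its addresses and offsets, and the helper names are constructed for illustration.

```python
import re

# Assumed x86-64 oops layout; other architectures word the header differently.
OOPS_START = re.compile(r"BUG: kernel NULL pointer dereference, address: ([0-9a-f]+)")
OOPS_END = re.compile(r"---\[ end trace")
# Symbolized frame "func+0xoff/0xsize [module]"; the RIP line adds a segment prefix.
FRAME = re.compile(r"(RIP: [0-9a-f]{4}:)?(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")

FUNC, MODULE = "dce110_blank_stream", "amdgpu"  # names taken from the advisory

# Constructed sample, not a real crash: the first report lost its end marker.
SAMPLE_LOG = """\
[  812.101] BUG: kernel NULL pointer dereference, address: 0000000000000058
[  812.102] #PF: supervisor read access in kernel mode
[  812.103] RIP: 0010:dce110_blank_stream+0x5c/0x120 [amdgpu]
[ 1440.201] BUG: kernel NULL pointer dereference, address: 0000000000000010
[ 1440.202] RIP: 0010:ext4_readdir+0x1f/0x900
[ 1440.203] ---[ end trace 0000000000000000 ]---
"""

def _is_target(frame):
    # A built-in driver prints no "[module]" tag, so accept a missing module.
    return frame is not None and frame[0] == FUNC and frame[1] in (MODULE, None)

def find_suspect_oopses(log_text):
    """Return one dict per NULL-deref oops that involves FUNC."""
    reports, current = [], None
    for line in log_text.splitlines():
        start = OOPS_START.search(line)
        if start:  # a new header also closes a report whose end marker was lost
            current = {"address": int(start.group(1), 16), "rip": None, "frames": []}
            reports.append(current)
        elif current is not None and OOPS_END.search(line):
            current = None
        elif current is not None:
            frame = FRAME.search(line)
            if frame and frame.group(1) and current["rip"] is None:
                current["rip"] = frame.group(2, 3)
            elif frame and not frame.group(1):
                current["frames"].append(frame.group(2, 3))
    hits = []
    for r in reports:
        if _is_target(r["rip"]):
            hits.append({"address": r["address"], "where": "faulting function"})
        elif any(_is_target(f) for f in r["frames"]):
            hits.append({"address": r["address"], "where": "call trace"})
    return hits

if __name__ == "__main__":
    print(find_suspect_oopses(SAMPLE_LOG))
```

Feed it the text of `dmesg` or `journalctl -k`; a hit means the host crashed in the affected code path and should be prioritised for the patched kernel.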