CVE-2025-21985Out-of-bounds Read in Linux

CWE-125Out-of-bounds ReadCWE-787Out-of-bounds Write6 documents6 sources
Severity
7.1HIGHNVD
EPSS
0.1%
top 83.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
LinuxLinux KernelDebian Linux+11 more
Timeline
PublishedApr 1
Latest updateApr 8

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bound accesses [WHAT & HOW] hpo_stream_to_link_encoder_mapping has size MAX_HPO_DP2_ENCODERS(=4), but location can have size up to 6. As a result, it is necessary to check location against MAX_HPO_DP2_ENCODERS. Similiarly, disp_cfg_stream_location can be used as an array index which should be 0..5, so the ASSERT's conditions should be less without equal.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages15 packages

NVDlinux/linux_kernel4.156.12.20+2
Debianlinux/linux_kernel< 6.12.20-1+1

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
OSV
CVE-2025-21985: In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bound accesses [WHAT & HOW] hpo_stream_to_link_encoder2025-04-01
GHSA
GHSA-6hmr-pwgj-w283: In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bound accesses [WHAT & HOW] hpo_stream_to_link_encod2025-04-01

📋Vendor Advisories

3
Microsoft
drm/amd/display: Fix out-of-bound accesses2025-04-08
Red Hat
kernel: drm/amd/display: Fix out-of-bound accesses2025-04-01
Debian
CVE-2025-21985: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amd/dis...2025