CVE-2025-37870 — Sensitive Information Exposure in Linux

CWE-200 — Sensitive Information Exposure12 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 84.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +10 more

Timeline

PublishedMay 9

Latest updateJul 8

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: prevent hang on link training fail [Why] When link training fails, the phy clock will be disabled. However, in enable_streams, it is assumed that link training succeeded and the mux selects the phy clock, causing a hang when a register write is made. [How] When enable_stream is hit, check if link training failed. If it did, fall back to the ref clock to avoid a hang and keep the system in a recoverable state.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages15 packages

▶NVDlinux/linux_kernel6.3 — 6.12.25+1

▶Debianlinux/linux_kernel< 6.12.25-1+1

▶Ubuntulinux/linux_kernel< 6.14.0-22.22

▶msrcmsrc/azl3_kernel_6.6.96.2-1_on_azure_linux_3.0

▶msrcmsrc/azl3_kernel_6.6.96.2-2_on_azure_linux_3.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

linux-aws, linux-oracle vulnerabilities↗2025-07-08

▶

OSV

linux-azure vulnerabilities↗2025-06-26

▶

OSV

linux, linux-gcp, linux-raspi, linux-realtime vulnerabilities↗2025-06-24

▶

GHSA

GHSA-j36m-8cr4-5cq4: In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: prevent hang on link training fail [Why] When link training fai↗2025-05-09

▶

OSV

CVE-2025-37870: In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: prevent hang on link training fail [Why] When link training fails↗2025-05-09

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2025-07-08

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2025-06-26

▶

Ubuntu

Linux kernel vulnerabilities↗2025-06-24

▶

Microsoft

drm/amd/display: prevent hang on link training fail↗2025-05-13

▶

Red Hat

kernel: drm/amd/display: prevent hang on link training fail↗2025-05-09

▶

External resources

NVD MITRE

Affected products13

Debian Linuxfixed in linux 6.12.25-1 (forky)

Linux≥ 7462475e3a06fbb0b36243b391296f9f411e9041, < 0363c03672cd3191f037905bf981eb523a3b71b1≥ 7462475e3a06fbb0b36243b391296f9f411e9041, < 04bf4f2a497e9877c425c5124652e61fb8a1a0aa≥ 7462475e3a06fbb0b36243b391296f9f411e9041, < 8058061ed9d6bc259d1e678607b07d259342c08f+1 more

Linux Kernel≥ 0, < 6.12.25-1≥ 6.3, < 6.12.25≥ 6.13, < 6.14.4+1 more

Msrc Azl3 Kernel 6.6.104.2-4 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.112.1-2 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.117.1-1 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.119.3-1 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.119.3-3 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.121.1-1 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.126.1-1 ON Azure Linux 3.0

Disclosure

PublishedMay 9, 2025

Latest updateJul 8, 2025