CVE-2025-38091Improperly Implemented Security Check for Standard in Linux

CWE-358Improperly Implemented Security Check for Standard20 documents7 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 94.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
LinuxLinux KernelDebian Linux+3 more
Timeline
PublishedJul 2
Latest updateDec 3

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check stream id dml21 wrapper to get plane_id [Why & How] Fix a false positive warning which occurs due to lack of correct checks when querying plane_id in DML21. This fixes the warning when performing a mode1 reset (cat /sys/kernel/debug/dri/1/amdgpu_gpu_recover): [ 35.751250] WARNING: CPU: 11 PID: 326 at /tmp/amd.PHpyAl7v/amd/amdgpu/../display/dc/dml2/dml2_dc_resource_mgmt.c:91 dml2_map_dc_pipes+0x243d/0x3f

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

NVDlinux/linux_kernel6.116.12.32+2
Debianlinux/linux_kernel< 6.12.32-1+1
CVEListV5linux/linux70839da6360500a82e4d5f78499284474cbed7c16f47d7408133631a1b178f8a04e79aee189ef046+3
debiandebian/linux< linux 6.12.32-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

9
OSV
linux, linux-aws, linux-gcp, linux-gcp-6.14, linux-oracle, linux-realtime vulnerabilities2025-12-03
OSV
linux-raspi vulnerabilities2025-10-08
OSV
linux-oracle-6.14 vulnerabilities2025-10-01
OSV
linux-aws-6.14, linux-hwe-6.14 vulnerabilities2025-09-26
OSV
linux-realtime-6.14 vulnerabilities2025-09-24

📋Vendor Advisories

10
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-10-08
Ubuntu
Linux kernel (Oracle) vulnerabilities2025-10-01
Ubuntu
Linux kernel vulnerabilities2025-09-26
Ubuntu
Linux kernel vulnerabilities2025-09-25
Ubuntu
Linux kernel (OEM) vulnerabilities2025-09-24
CVE-2025-38091 — Linux vulnerability | cvebase