CVE-2025-21985

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix out-of-bound accesses

[WHAT & HOW] hpo_stream_to_link_encoder_mapping has size MAX_HPO_DP2_ENCODERS(=4), but location can have size up to 6. As a result, it is necessary to check location against MAX_HPO_DP2_ENCODERS.

Similiarly, disp_cfg_stream_location can be used as an array index which should be 0..5, so the ASSERT's conditions should be less without equal.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c < 36793d90d76f667d26c6dd025571481ee0c96abcaffected
LinuxLinux4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c < 9aedc776b11038f04f4641241bb7e877781e4aa4affected
LinuxLinux4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c < 8adbb2a98b00926315fd513b5fe2596b5716b82daffected
LinuxLinux4.15affected
LinuxLinux0 < 4.15unaffected
LinuxLinux6.12.20 <= 6.12.*unaffected
LinuxLinux6.13.8 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

References