CVE-2025-38254
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add sanity checks for drm_edid_raw()
When EDID is retrieved via drm_edid_raw(), it doesn't guarantee to return proper EDID bytes the caller wants: it may be either NULL (that leads to an Oops) or with too long bytes over the fixed size raw_edid array (that may lead to memory corruption). The latter was reported actually when connected with a bad adapter.
Add sanity checks for drm_edid_raw() to address the above corner cases, and return EDID_BAD_INPUT accordingly.
(cherry picked from commit 648d3f4d209725d51900d6a3ed46b7b600140cdf)
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 48edb2a4256eedf6c92eecf2bc7744e6ecb44b5e < 4b63507d7cd243574753c6b91f68516d9103f1de | affected |
| Linux | Linux | 48edb2a4256eedf6c92eecf2bc7744e6ecb44b5e < 6847b3b6e84ef37451c074e6a8db3fbd250c8dbf | affected |
| Linux | Linux | 6.13 | affected |
| Linux | Linux | 0 < 6.13 | unaffected |
| Linux | Linux | 6.15.5 <= 6.15.* | unaffected |
| Linux | Linux | 6.16 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/4b63507d7cd243574753c6b91f68516d9103f1de
- https://git.kernel.org/stable/c/6847b3b6e84ef37451c074e6a8db3fbd250c8dbf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.