CVE-2025-38362

MEDIUM EPSS 1.4%
Published Jul 25, 2025 · Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Add null pointer check for get_first_active_display()

The function mod_hdcp_hdcp1_enable_encryption() calls the function get_first_active_display(), but does not check its return value. The return value is a null pointer if the display list is empty. This will lead to a null pointer dereference in mod_hdcp_hdcp2_enable_encryption().

Add a null pointer check for get_first_active_display() and return MOD_HDCP_STATUS_DISPLAY_NOT_FOUND if the function returns null.
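The pattern described above, as an added stand-alone C model that is not the kernel's code: the `display` and `hdcp` structures, `MAX_DISPLAYS`, and the `enable_unchecked`/`enable_checked` names are hypothetical simplifications, while `get_first_active_display()` and `MOD_HDCP_STATUS_DISPLAY_NOT_FOUND` are the names from the description. It shows the unchecked use of the lookup result beside the checked form.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_DISPLAYS 4 /* assumed size for this model */

enum mod_hdcp_status {
    MOD_HDCP_STATUS_SUCCESS = 0,
    MOD_HDCP_STATUS_DISPLAY_NOT_FOUND, /* status named in the description */
};

/* Hypothetical, reduced stand-ins for the driver's structures. */
struct display { bool active; unsigned char index; };
struct hdcp { struct display displays[MAX_DISPLAYS]; };

/* Returns the first active display, or NULL when none is active. */
static struct display *get_first_active_display(struct hdcp *hdcp)
{
    for (size_t i = 0; i < MAX_DISPLAYS; i++)
        if (hdcp->displays[i].active)
            return &hdcp->displays[i];
    return NULL;
}

/* Pre-fix shape: uses the result unchecked; NULL deref if no display is active. */
static enum mod_hdcp_status enable_unchecked(struct hdcp *hdcp, unsigned char *out)
{
    struct display *display = get_first_active_display(hdcp);
    *out = display->index;
    return MOD_HDCP_STATUS_SUCCESS;
}

/* Post-fix shape: test the result and report DISPLAY_NOT_FOUND instead. */
static enum mod_hdcp_status enable_checked(struct hdcp *hdcp, unsigned char *out)
{
    struct display *display = get_first_active_display(hdcp);
    if (!display)
        return MOD_HDCP_STATUS_DISPLAY_NOT_FOUND;
    *out = display->index;
    return MOD_HDCP_STATUS_SUCCESS;
}

int main(void)
{
    struct hdcp empty = {0}, one = {0};
    unsigned char idx = 0;
    one.displays[2] = (struct display){ .active = true, .index = 7 };
    printf("one display, unchecked: %d\n", enable_unchecked(&one, &idx));
    printf("empty list, checked:    %d\n", enable_checked(&empty, &idx));
    return 0;
}
```

In the kernel the unchecked dereference is an oops rather than a user-space segfault, which matches the availability-only impact in the CVSS vector.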

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability
1.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 6

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥5.8 – <5.15.187
linux    linux_kernel   *         ≥5.16 – <6.1.143
linux    linux_kernel   *         ≥6.2 – <6.6.96
linux    linux_kernel   *         ≥6.7 – <6.12.36
linux    linux_kernel   *         ≥6.13 – <6.15.5
debian   debian_linux   11.0      any

References 7

  • git.kernel.org https://git.kernel.org/stable/c/1ebcdf38887949def1a553ff3e45c98ed95a3cd0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/34d3e10ab905f06445f8dbd8a3d9697095e71bae
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4ce9f2dc9ff7cc410e8c5d936ec551e26b9599a9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5148c7ea69e9c5bf2f05081190f45ba96d3d1e7a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b3005145eab98d36777660b8893466e4f630ae1c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c3e9826a22027a21d998d3e64882fa377b613006
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/1ebcdf38887949def1a553ff3e45c98ed95a3cd0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/34d3e10ab905f06445f8dbd8a3d9697095e71bae
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4ce9f2dc9ff7cc410e8c5d936ec551e26b9599a9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5148c7ea69e9c5bf2f05081190f45ba96d3d1e7a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b3005145eab98d36777660b8893466e4f630ae1c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c3e9826a22027a21d998d3e64882fa377b613006
    Patch