CVE-2025-39675

MEDIUM EPSS 4.3%
Published Sep 5, 20259mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Sep 5, 2025 9mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() The function mod_hdcp_hdcp1_create_session() calls the function get_first_active_display(), but does not check its return value. The return value is a null pointer if the display list is empty. This will lead to a null pointer dereference. Add a null pointer check for get_first_active_display() and return MOD_HDCP_STATUS_DISPLAY_NOT_FOUND if the function return null. This is similar to the commit c3e9826a2202 ("drm/amd/display: Add null pointer check for get_first_active_display()"). (cherry picked from commit 5e43eb3cd731649c4f8b9134f857be62a416c893)

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
4.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 8

VendorProductVersionRange
linuxlinux_kernel*≥5.8  –  <5.15.190
linuxlinux_kernel*≥5.16  –  <6.1.149
linuxlinux_kernel*≥6.2  –  <6.6.103
linuxlinux_kernel*≥6.7  –  <6.12.44
linuxlinux_kernel*≥6.13  –  <6.16.4
linuxlinux_kernel6.17any
linuxlinux_kernel6.17any
debiandebian_linux11.0any

References 8

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-032379.html
  • git.kernel.org https://git.kernel.org/stable/c/2af45aadb7b5d3852c76e2d1e985289ada6f48bf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2ee86b764c54e0d6a5464fb023b630fdf20869cd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7a2ca2ea64b1b63c8baa94a8f5deb70b2248d119
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/857b8387a9777e42b36e0400be99b54c251eaf9a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/97fc94c5fd3c6ac5a13e457d38ee247737b8c4bd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ee0373b20bb67b1f00a1b25ccd24c8ac996b6446
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/2af45aadb7b5d3852c76e2d1e985289ada6f48bf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2ee86b764c54e0d6a5464fb023b630fdf20869cd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7a2ca2ea64b1b63c8baa94a8f5deb70b2248d119
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/857b8387a9777e42b36e0400be99b54c251eaf9a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/97fc94c5fd3c6ac5a13e457d38ee247737b8c4bd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ee0373b20bb67b1f00a1b25ccd24c8ac996b6446
    Patch