Vulnerability Details CVE-2025-38254
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add sanity checks for drm_edid_raw()
When EDID is retrieved via drm_edid_raw(), it doesn't guarantee to
return proper EDID bytes the caller wants: it may be either NULL (that
leads to an Oops) or with too long bytes over the fixed size raw_edid
array (that may lead to memory corruption). The latter was reported
actually when connected with a bad adapter.
Add sanity checks for drm_edid_raw() to address the above corner
cases, and return EDID_BAD_INPUT accordingly.
(cherry picked from commit 648d3f4d209725d51900d6a3ed46b7b600140cdf)
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.6%
CVSS Severity
CVSS v3 Score 5.5
References
Products affected by CVE-2025-38254
-
cpe:2.3:o:linux:linux_kernel:6.13
-
cpe:2.3:o:linux:linux_kernel:6.13.1
-
cpe:2.3:o:linux:linux_kernel:6.13.10
-
cpe:2.3:o:linux:linux_kernel:6.13.11
-
cpe:2.3:o:linux:linux_kernel:6.13.12
-
cpe:2.3:o:linux:linux_kernel:6.13.2
-
cpe:2.3:o:linux:linux_kernel:6.13.3
-
cpe:2.3:o:linux:linux_kernel:6.13.4
-
cpe:2.3:o:linux:linux_kernel:6.13.5
-
cpe:2.3:o:linux:linux_kernel:6.13.6
-
cpe:2.3:o:linux:linux_kernel:6.13.7
-
cpe:2.3:o:linux:linux_kernel:6.13.8
-
cpe:2.3:o:linux:linux_kernel:6.13.9
-
cpe:2.3:o:linux:linux_kernel:6.14
-
cpe:2.3:o:linux:linux_kernel:6.14.1
-
cpe:2.3:o:linux:linux_kernel:6.14.10
-
cpe:2.3:o:linux:linux_kernel:6.14.11
-
cpe:2.3:o:linux:linux_kernel:6.14.2
-
cpe:2.3:o:linux:linux_kernel:6.14.3
-
cpe:2.3:o:linux:linux_kernel:6.14.4
-
cpe:2.3:o:linux:linux_kernel:6.14.5
-
cpe:2.3:o:linux:linux_kernel:6.14.6
-
cpe:2.3:o:linux:linux_kernel:6.14.7
-
cpe:2.3:o:linux:linux_kernel:6.14.8
-
cpe:2.3:o:linux:linux_kernel:6.14.9
-
cpe:2.3:o:linux:linux_kernel:6.15
-
cpe:2.3:o:linux:linux_kernel:6.15.1
-
cpe:2.3:o:linux:linux_kernel:6.15.2
-
cpe:2.3:o:linux:linux_kernel:6.15.3
-
cpe:2.3:o:linux:linux_kernel:6.15.4
-
cpe:2.3:o:linux:linux_kernel:6.16