7.8

CVE-2025-21780

drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()

It malicious user provides a small pptable through sysfs and then
a bigger pptable, it may cause buffer overflow attack in function
smu_sys_set_pp_table().
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 6.1.129
LinuxLinux Kernel Version >= 6.2 < 6.6.79
LinuxLinux Kernel Version >= 6.7 < 6.12.16
LinuxLinux Kernel Version >= 6.13 < 6.13.4
LinuxLinux Kernel Version6.14 Updaterc1
LinuxLinux Kernel Version6.14 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.159
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

https://git.kernel.org/stable/c/1abb2648698bf10783d2236a6b4a7ca5e8021699
Patch
Mailing List
https://git.kernel.org/stable/c/231075c5a8ea54f34b7c4794687baa980814e6de
Patch
Mailing List
https://git.kernel.org/stable/c/2498d2db1d35e88a2060ea191ae75dce853dd084
Patch
Mailing List
https://git.kernel.org/stable/c/3484ea33157bc7334f57e64826ec5a4bf992151a
Patch
Mailing List
https://git.kernel.org/stable/c/e43a8b9c4d700ffec819c5043a48769b3e7d9cab
Patch
Mailing List
https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html