5.5

CVE-2025-38362

drm/amd/display: Add null pointer check for get_first_active_display()

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Add null pointer check for get_first_active_display()

The function mod_hdcp_hdcp1_enable_encryption() calls the function
get_first_active_display(), but does not check its return value.
The return value is a null pointer if the display list is empty.
This will lead to a null pointer dereference in
mod_hdcp_hdcp2_enable_encryption().

Add a null pointer check for get_first_active_display() and return
MOD_HDCP_STATUS_DISPLAY_NOT_FOUND if the function return null.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.8 < 5.15.187
LinuxLinux Kernel Version >= 5.16 < 6.1.143
LinuxLinux Kernel Version >= 6.2 < 6.6.96
LinuxLinux Kernel Version >= 6.7 < 6.12.36
LinuxLinux Kernel Version >= 6.13 < 6.15.5
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.11% 0.014
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/1ebcdf38887949def1a553ff3e45c98ed95a3cd0
Patch
https://git.kernel.org/stable/c/34d3e10ab905f06445f8dbd8a3d9697095e71bae
Patch
https://git.kernel.org/stable/c/4ce9f2dc9ff7cc410e8c5d936ec551e26b9599a9
Patch
https://git.kernel.org/stable/c/5148c7ea69e9c5bf2f05081190f45ba96d3d1e7a
Patch
https://git.kernel.org/stable/c/b3005145eab98d36777660b8893466e4f630ae1c
Patch
https://git.kernel.org/stable/c/c3e9826a22027a21d998d3e64882fa377b613006
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory