Memory Corruption Vulnerability in Linux Kernel Affecting AMD Display Drivers
CVE-2025-38254

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 9 July 2025

What is CVE-2025-38254?

A vulnerability exists in the AMD display drivers within the Linux kernel that can lead to memory corruption due to improper handling of EDID data when retrieved via drm_edid_raw(). In scenarios where a faulty adapter is connected, the function may return NULL or data that exceeds the predefined buffer size, potentially causing system instability. Sanity checks have been introduced in the latest kernel updates to ensure the stability and security of the display drivers by validating the returned EDID content.

Affected Version(s)

Linux 48edb2a4256eedf6c92eecf2bc7744e6ecb44b5e < 4b63507d7cd243574753c6b91f68516d9103f1de

Linux 48edb2a4256eedf6c92eecf2bc7744e6ecb44b5e < 6847b3b6e84ef37451c074e6a8db3fbd250c8dbf

Linux 6.13

References

https://git.kernel.org/stable/c/4b63507d7cd243574753c6b91...

https://git.kernel.org/stable/c/6847b3b6e84ef37451c074e6a...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2025
Vulnerability Reserved
Apr 16, 2025