NULL Pointer Dereference Vulnerability in Linux Kernel's AMD Display Driver
CVE-2025-39693

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 5 September 2025

What is CVE-2025-39693?

In the Linux kernel, a vulnerability exists within the AMD display driver, where functions may return a NULL value, potentially leading to a NULL pointer dereference. This issue arises particularly within the functions drm_atomic_get_new_connector_state() or drm_atomic_get_old_connector_state(), necessitating a check before dereferencing the return values to prevent unexpected behavior or system crashes. The vulnerability has been addressed in a recent commit to ensure a safer handling of connector state retrieval.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9c92d12b5cb9d9d88c12ae71794d3a7382fcdec0

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 6f860abff89417c0354b6ee5bbca188a233c5762

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 36a6b43573d152736eaf2557fe60580dd73e9350

References

https://git.kernel.org/stable/c/9c92d12b5cb9d9d88c12ae717...

https://git.kernel.org/stable/c/6f860abff89417c0354b6ee5b...

https://git.kernel.org/stable/c/36a6b43573d152736eaf2557f...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 5, 2025
Vulnerability Reserved
Apr 16, 2025