Linux Kernel Vulnerability in AMD GPU Driver Related to Cursor Attribute Functions
CVE-2025-40148
What is CVE-2025-40148?
A vulnerability exists in the Linux kernel affecting AMD GPU drivers, specifically in the dc_stream_set_cursor_attributes() function. The function does not perform the necessary NULL checks on the stream pointer before dereferencing it and accessing its nested members, which can lead to crashes or undefined behavior when the stream is NULL. Although the associated callers correctly check for NULL before invoking these functions, the absence of checks inside dc_stream_set_cursor_attributes() itself compromises the stability of the driver. A patch has been introduced that addresses the issue by re-implementing the NULL checks, making cursor attribute handling in AMD display drivers more reliable.
Affected Version(s)
Linux 4465dd0e41e8223a46a41ce4fcdfc55fabd319d8 < 01e793e7d4d402c473f1a61ca5824f086693be65
Linux 4465dd0e41e8223a46a41ce4fcdfc55fabd319d8
Linux 6.16