PT-2025-22165 · Linux+6 · Linux Kernel+6
Published: 2025-05-01 · Updated: 2026-04-20
CVE-2025-37903
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to the fixed version
Description
A slab-use-after-free issue has been identified in the Linux kernel's HDCP code. The HDCP code copies pointers to amdgpu_dm_connector objects without incrementing their kref reference counts. This can leave dangling pointers, resulting in a slab-use-after-free when a USB-C dock is unplugged and then plugged back in. The issue is triggered in the event_property_validate function.
Recommendations
To resolve this issue, update the Linux kernel to a version that includes the fix for the slab-use-after-free in the HDCP code. As a temporary workaround, consider disabling the amdgpu_dm_hdcp module until a patch is available. Restrict access to the vulnerable amdgpu_dm_connector objects to minimize the risk of exploitation. Avoid using the dm_dp_add_mst_connector function in the affected code path until the issue is resolved.
Exploit
Fix
Use After Free
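The missing reference count from the Description, modeled in user space as an added example (not kernel code and not the actual fix). `struct connector`, `struct hdcp_slot` and the helper names are hypothetical stand-ins for the kref-counted amdgpu_dm_connector and the HDCP code's stored copy of its pointer; the dangling pointer is never dereferenced here.

```c
#include <stdlib.h>

/* User-space stand-in for a kref-counted connector (constructed, not kernel code). */
struct connector { int refcount; };
static int released;                      /* number of connectors freed so far */

static struct connector *connector_new(void)
{
    struct connector *c = malloc(sizeof(*c));
    if (c) c->refcount = 1;               /* creator's reference */
    return c;
}

static void connector_get(struct connector *c) { c->refcount++; }
static void connector_put(struct connector *c)
{
    if (--c->refcount == 0) {             /* last reference dropped */
        released++;
        free(c);
    }
}

/* Hypothetical HDCP-side slot that keeps a connector pointer across hotplug. */
struct hdcp_slot { struct connector *conn; };

/* Storing a pointer takes a reference; replacing it drops the old one. */
static void hdcp_slot_set(struct hdcp_slot *s, struct connector *c)
{
    if (c) connector_get(c);
    if (s->conn) connector_put(s->conn);
    s->conn = c;
}

/* Returns how many objects the unplug itself freed (0: the slot's pointer is still valid). */
static int unplug_frees(int slot_takes_ref)
{
    struct hdcp_slot slot = { NULL };
    struct connector *c = connector_new();
    int before = released, freed;
    if (!c) return -1;
    if (slot_takes_ref) hdcp_slot_set(&slot, c);
    else slot.conn = c;                   /* bare copy: slot.conn dangles after unplug */
    connector_put(c);                     /* dock unplugged: creator drops its reference */
    freed = released - before;
    if (slot_takes_ref) hdcp_slot_set(&slot, NULL);  /* slot lets go; object freed here */
    return freed;
}

int main(void) { return (unplug_frees(1) == 0 && unplug_frees(0) == 1) ? 0 : 1; }
```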
Related Identifiers
Affected Products
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu