CVE-2025-38254

CVSS v2.0

7.7

High

Vector

AV:A/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A flaw exists in the Linux kernel’s DRM/AMD/display component where the drm edid raw() function does not guarantee a proper Extended Display Identification Data (EDID) return. This can result in an Oops (kernel panic) if NULL is returned, or memory corruption if the returned EDID data exceeds the allocated buffer size. The issue was reported when connected with a faulty adapter. Sanity checks have been added to drm edid raw() to address these cases, returning EDID BAD INPUT accordingly.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

BDU:2025-13469

CVE-2025-38254

USN-7833-1

USN-7833-2

USN-7833-3

USN-7833-4

USN-7834-1

USN-7856-1

Affected Products

Amd

Astra Linux

Linuxmint

Linux Kernel

Ubuntu

CVE-2025-38254

Weakness Enumeration

Related Identifiers

Affected Products

References · 205