PT-2025-46623 · Linux+2 · Linux Kernel+2

Published

2025-08-13

Updated

2026-02-24

CVE-2025-40148

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the drm/amd/display subsystem related to cursor attribute functions. Specifically, the dc stream set cursor attributes() function dereferences the stream pointer and nested members without proper NULL pointer checks. While callers of these functions generally perform NULL checks, the refactored code introduced an unchecked dereference. The dc stream check cursor attributes() function previously checked for NULL streams but this check was removed. The vulnerable function is dc stream set cursor attributes(). The vulnerable parameter is stream.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2025-14953

CVE-2025-40148

USN-8029-1

USN-8029-2

USN-8029-3

USN-8030-1

USN-8048-1

Affected Products

Linuxmint

Linux Kernel

Ubuntu

PT-2025-46623 · Linux+2 · Linux Kernel+2

CVE-2025-40148

Weakness Enumeration

Related Identifiers

Affected Products

References · 394