CVE-2025-39675

05.09.2025, 18:15

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session()

The function mod_hdcp_hdcp1_create_session() calls the function
get_first_active_display(), but does not check its return value.
The return value is a null pointer if the display list is empty.
This will lead to a null pointer dereference.

Add a null pointer check for get_first_active_display() and return
MOD_HDCP_STATUS_DISPLAY_NOT_FOUND if the function return null.

This is similar to the commit c3e9826a2202
("drm/amd/display: Add null pointer check for get_first_active_display()").

(cherry picked from commit 5e43eb3cd731649c4f8b9134f857be62a416c893)

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

linux

bullseye	vulnerable
bullseye (security)	vulnerable
bookworm	vulnerable
bookworm (security)	vulnerable
trixie	vulnerable
trixie (security)	vulnerable
forky	vulnerable
sid	vulnerable

References

https://git.kernel.org/stable/c/2af45aadb7b5d3852c76e2d1e985289ada6f48bf

https://git.kernel.org/stable/c/2ee86b764c54e0d6a5464fb023b630fdf20869cd

https://git.kernel.org/stable/c/7a2ca2ea64b1b63c8baa94a8f5deb70b2248d119

https://git.kernel.org/stable/c/857b8387a9777e42b36e0400be99b54c251eaf9a

https://git.kernel.org/stable/c/97fc94c5fd3c6ac5a13e457d38ee247737b8c4bd

https://git.kernel.org/stable/c/ee0373b20bb67b1f00a1b25ccd24c8ac996b6446