CVE-2025-39675

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session()

The function mod_hdcp_hdcp1_create_session() calls the function
get_first_active_display(), but does not check its return value.
The return value is a null pointer if the display list is empty.
This will lead to a null pointer dereference.

Add a null pointer check for get_first_active_display() and return
MOD_HDCP_STATUS_DISPLAY_NOT_FOUND if the function return null.

This is similar to the commit c3e9826a2202
("drm/amd/display: Add null pointer check for get_first_active_display()").

(cherry picked from commit 5e43eb3cd731649c4f8b9134f857be62a416c893)
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
vulnerable
bullseye (security)
vulnerable
bookworm
vulnerable
bookworm (security)
6.1.153-1
fixed
trixie
vulnerable
trixie (security)
6.12.48-1
fixed
forky
6.16.9-1
fixed
sid
6.16.12-2
fixed
linux-6.1
bullseye (security)
6.1.153-1~deb11u1
fixed
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/2af45aadb7b5d3852c76e2d1e985289ada6f48bf
https://git.kernel.org/stable/c/2ee86b764c54e0d6a5464fb023b630fdf20869cd
https://git.kernel.org/stable/c/7a2ca2ea64b1b63c8baa94a8f5deb70b2248d119
https://git.kernel.org/stable/c/857b8387a9777e42b36e0400be99b54c251eaf9a
https://git.kernel.org/stable/c/97fc94c5fd3c6ac5a13e457d38ee247737b8c4bd
https://git.kernel.org/stable/c/ee0373b20bb67b1f00a1b25ccd24c8ac996b6446