CVE-2025-39675

medium

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() The function mod_hdcp_hdcp1_create_session() calls the function get_first_active_display(), but does not check its return value. The return value is a null pointer if the display list is empty. This will lead to a null pointer dereference. Add a null pointer check for get_first_active_display() and return MOD_HDCP_STATUS_DISPLAY_NOT_FOUND if the function return null. This is similar to the commit c3e9826a2202 ("drm/amd/display: Add null pointer check for get_first_active_display()"). (cherry picked from commit 5e43eb3cd731649c4f8b9134f857be62a416c893)

References

https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

https://www.cisa.gov/news-events/ics-advisories/icsa-26-134-10

https://git.kernel.org/stable/c/ee0373b20bb67b1f00a1b25ccd24c8ac996b6446

https://git.kernel.org/stable/c/97fc94c5fd3c6ac5a13e457d38ee247737b8c4bd

https://git.kernel.org/stable/c/857b8387a9777e42b36e0400be99b54c251eaf9a

https://git.kernel.org/stable/c/7a2ca2ea64b1b63c8baa94a8f5deb70b2248d119

https://git.kernel.org/stable/c/2ee86b764c54e0d6a5464fb023b630fdf20869cd

https://git.kernel.org/stable/c/2af45aadb7b5d3852c76e2d1e985289ada6f48bf

https://cert-portal.siemens.com/productcert/html/ssa-032379.html

Details

Source: Mitre, NVD

Published: 2025-09-05

Updated: 2026-05-12

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00024