CVE-2025-39675
Description
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() The function mod_hdcp_hdcp1_create_session() calls the function get_first_active_display(), but does not check its return value. The return value is a null pointer if the display list is empty. This will lead to a null pointer dereference. Add a null pointer check for get_first_active_display() and return MOD_HDCP_STATUS_DISPLAY_NOT_FOUND if the function return null. This is similar to the commit c3e9826a2202 ("drm/amd/display: Add null pointer check for get_first_active_display()"). (cherry picked from commit 5e43eb3cd731649c4f8b9134f857be62a416c893)
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
Linux kernel Affected 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 6.17 | Affected | โ |
| โ | Affected | 5.15.190 |
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| โ | Affected | โ |
Debian Mixed 6 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 6.12.48-1 |
| sid | Fixed | 6.16.5-1 |
| forky | Fixed | 6.16.5-1 |
| bullseye | Fixed | 6.1.153-1~deb11u1 |
| bookworm | Fixed | 6.1.153-1 |
| 11.0 | Affected | โ |
References
- https://git.kernel.org/stable/c/2af45aadb7b5d3852c76e2d1e985289ada6f48bf
- https://git.kernel.org/stable/c/2ee86b764c54e0d6a5464fb023b630fdf20869cd
- https://git.kernel.org/stable/c/7a2ca2ea64b1b63c8baa94a8f5deb70b2248d119
- https://git.kernel.org/stable/c/857b8387a9777e42b36e0400be99b54c251eaf9a
- https://git.kernel.org/stable/c/97fc94c5fd3c6ac5a13e457d38ee247737b8c4bd
- https://git.kernel.org/stable/c/ee0373b20bb67b1f00a1b25ccd24c8ac996b6446
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://cert-portal.siemens.com/productcert/html/ssa-032379.html
- https://www.suse.com/security/cve/CVE-2025-39675.html
- https://security-tracker.debian.org/tracker/CVE-2025-39675
CWEs
CWE-476
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.