CVE-2025-40354 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: increase max link count and fix link->enc NULL pointer access [why] 1.) dc->links[MAX_LINKS] array size smaller than actual requested. max_connector + max_dpia + 4 virtual = 14. increase from 12 to 14. 2.) hw_init() access null LINK_ENC for dpia non display_endpoint. (cherry picked from commit d7f5a61e1b04ed87b008c8d327649d184dc5bb45)

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/a3fc0d36cfb927f8986b83bf5fba47dbedad3c63
https://git.kernel.org/stable/c/bec947cbe9a65783adb475a5fb47980d7b4f4796
https://git.kernel.org/stable/c/f28092be4e12b7df9e4f415d25bf0d767bc2d9ed

History

Tue, 16 Dec 2025 13:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: increase max link count and fix link->enc NULL pointer access [why] 1.) dc->links[MAX_LINKS] array size smaller than actual requested. max_connector + max_dpia + 4 virtual = 14. increase from 12 to 14. 2.) hw_init() access null LINK_ENC for dpia non display_endpoint. (cherry picked from commit d7f5a61e1b04ed87b008c8d327649d184dc5bb45)
Title		drm/amd/display: increase max link count and fix link->enc NULL pointer access
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/a3fc0d36cfb927f8986b83bf5fba47dbedad3c63 https://git.kernel.org/stable/c/bec947cbe9a65783adb475a5fb47980d7b4f4796 https://git.kernel.org/stable/c/f28092be4e12b7df9e4f415d25bf0d767bc2d9ed

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-16T13:30:27.082Z

Updated: 2025-12-16T13:30:27.082Z

Reserved: 2025-04-16T07:20:57.187Z

Link: CVE-2025-40354

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-16T14:15:47.310

Modified: 2025-12-16T14:15:47.310

Link: CVE-2025-40354

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-40354", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T07:20:57.187Z", "datePublished": "2025-12-16T13:30:27.082Z", "dateUpdated": "2025-12-16T13:30:27.082Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-16T13:30:27.082Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: increase max link count and fix link->enc NULL pointer access\n\n[why]\n1.) dc->links[MAX_LINKS] array size smaller than actual requested.\nmax_connector + max_dpia + 4 virtual = 14.\nincrease from 12 to 14.\n\n2.) hw_init() access null LINK_ENC for dpia non display_endpoint.\n\n(cherry picked from commit d7f5a61e1b04ed87b008c8d327649d184dc5bb45)"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c", "drivers/gpu/drm/amd/display/dc/inc/hw/hw_shared.h"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "f28092be4e12b7df9e4f415d25bf0d767bc2d9ed", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "a3fc0d36cfb927f8986b83bf5fba47dbedad3c63", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "bec947cbe9a65783adb475a5fb47980d7b4f4796", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c", "drivers/gpu/drm/amd/display/dc/inc/hw/hw_shared.h"], "versions": [{"version": "6.12.56", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17.6", "lessThanOrEqual": "6.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.12.56"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.17.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.18"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/f28092be4e12b7df9e4f415d25bf0d767bc2d9ed"}, {"url": "https://git.kernel.org/stable/c/a3fc0d36cfb927f8986b83bf5fba47dbedad3c63"}, {"url": "https://git.kernel.org/stable/c/bec947cbe9a65783adb475a5fb47980d7b4f4796"}], "title": "drm/amd/display: increase max link count and fix link->enc NULL pointer access", "x_generator": {"engine": "bippy-1.2.0"}}}}