CVE-2025-38705

MEDIUM

Linux Kernel < 6.12.43, 6.13.0-6.15.11, 6.16.0-6.16.2 - Null Pointer Dereference via GPU OD/Fan Control Sysfs

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix null pointer access Writing a string without delimiters (' ', '\n', '\0') to the under gpu_od/fan_ctrl sysfs or pp_power_profile_mode for the CUSTOM profile will result in a null pointer dereference.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/a83ffafd02a7af59848755c109d544e3894af737

Patch

https://git.kernel.org/stable/c/5d8cc029e5595760c7d18c64632e8e40a86a9b2e

Patch

https://git.kernel.org/stable/c/cef79c18538e9ce2ca6e5b3fa95c38ec41dcd07a

Patch

https://git.kernel.org/stable/c/d524d40e3a6152a3ea1125af729f8cd8ca65efde

Scores

CVSS v3 5.5

EPSS 0.0014

EPSS Percentile 4.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (14)

linux/Kernel 4.17.0 - 6.12.43linux

linux/Kernel 6.13.0 - 6.15.11linux

linux/Kernel 6.16.0 - 6.16.2linux

Linux/Linux < 4.17

Linux/Linux 37c5c4dbf03b167b5ca68d4bbc7fb6c92a463fb4 - 5d8cc029e5595760c7d18c64632e8e40a86a9b2e

Linux/Linux 37c5c4dbf03b167b5ca68d4bbc7fb6c92a463fb4 - a83ffafd02a7af59848755c109d544e3894af737

Linux/Linux 37c5c4dbf03b167b5ca68d4bbc7fb6c92a463fb4 - cef79c18538e9ce2ca6e5b3fa95c38ec41dcd07a

Linux/Linux 37c5c4dbf03b167b5ca68d4bbc7fb6c92a463fb4 - d524d40e3a6152a3ea1125af729f8cd8ca65efde

Linux/Linux 4.17

Linux/Linux 6.12.43 - 6.12.*

... and 4 more

Published Sep 04, 2025

Tracked Since Feb 18, 2026