CVE-2025-40354

Linux Kernel 4.15-6.12.55, 6.13-6.17.5, 6.18 - Use-After-Free in DRM AMD Display Link Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: increase max link count and fix link->enc NULL pointer access

[why]
1.) dc->links[MAX_LINKS] array size smaller than actual requested. max_connector + max_dpia + 4 virtual = 14. increase from 12 to 14.
2.) hw_init() access null LINK_ENC for dpia non display_endpoint.

(cherry picked from commit d7f5a61e1b04ed87b008c8d327649d184dc5bb45)

Scores

EPSS 0.0002
EPSS Percentile 7.1%

Details

Status published
Products (10)
linux/Kernel 4.15.0 - 6.12.56
linux/Kernel 6.13.0 - 6.17.6
Linux/Linux < 4.15
Linux/Linux 4.15
Linux/Linux 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c - a3fc0d36cfb927f8986b83bf5fba47dbedad3c63
Linux/Linux 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c - bec947cbe9a65783adb475a5fb47980d7b4f4796
Linux/Linux 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c - f28092be4e12b7df9e4f415d25bf0d767bc2d9ed
Linux/Linux 6.12.56 - 6.12.*
Linux/Linux 6.17.6 - 6.17.*
Linux/Linux 6.18
Published Dec 16, 2025
Tracked Since Feb 18, 2026