CVE-2025-21985
- Source
- https://cve.org/CVERecord?id=CVE-2025-21985
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-21985.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-21985
- Downstream
- Related
- Published
- 2025-04-01T15:47:12.103Z
- Modified
- 2026-03-23T05:11:22.050283611Z
- Summary
- drm/amd/display: Fix out-of-bound accesses
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix out-of-bound accesses
[WHAT & HOW] hpostreamtolinkencodermapping has size MAXHPODP2ENCODERS(=4), but location can have size up to 6. As a result, it is necessary to check location against MAXHPODP2_ENCODERS.
Similiarly, dispcfgstream_location can be used as an array index which should be 0..5, so the ASSERT's conditions should be less without equal.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21985.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/36793d90d76f667d26c6dd025571481ee0c96abc
- https://git.kernel.org/stable/c/8adbb2a98b00926315fd513b5fe2596b5716b82d
- https://git.kernel.org/stable/c/9aedc776b11038f04f4641241bb7e877781e4aa4
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21985.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-21985
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7cFixed36793d90d76f667d26c6dd025571481ee0c96abcFixed9aedc776b11038f04f4641241bb7e877781e4aa4Fixed8adbb2a98b00926315fd513b5fe2596b5716b82d
Affected versions
v4.*
v4.13
v4.13-rc6
v4.13-rc7
v4.14
v4.14-rc1
v4.14-rc2
v4.14-rc3
v4.14-rc4
v4.14-rc5
v4.14-rc6
v4.14-rc7
v4.14-rc8
v4.15
v4.15-rc1
v4.15-rc2
v4.15-rc3
v4.15-rc4
v4.15-rc5
v4.15-rc6
v4.15-rc7
v4.15-rc8
v4.15-rc9
v4.16
v4.16-rc1
v4.16-rc2
v4.16-rc3
v4.16-rc4
v4.16-rc5
v4.16-rc6
v4.16-rc7
v4.17
v4.17-rc1
v4.17-rc2
v4.17-rc3
v4.17-rc4
v4.17-rc5
v4.17-rc6
v4.17-rc7
v4.18
v4.18-rc1
v4.18-rc2
v4.18-rc3
v4.18-rc4
v4.18-rc5
v4.18-rc6
v4.18-rc7
v4.18-rc8
v4.19
v4.19-rc1
v4.19-rc2
v4.19-rc3
v4.19-rc4
v4.19-rc5
v4.19-rc6
v4.19-rc7
v4.19-rc8
v4.20
v4.20-rc1
v4.20-rc2
v4.20-rc3
v4.20-rc4
v4.20-rc5
v4.20-rc6
v4.20-rc7
v5.*
v5.0
v5.0-rc1
v5.0-rc2
v5.0-rc3
v5.0-rc4
v5.0-rc5
v5.0-rc6
v5.0-rc7
v5.0-rc8
v5.1
v5.1-rc1
v5.1-rc2
v5.1-rc3
v5.1-rc4
v5.1-rc5
v5.1-rc6
v5.1-rc7
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.2
v5.2-rc1
v5.2-rc2
v5.2-rc3
v5.2-rc4
v5.2-rc5
v5.2-rc6
v5.2-rc7
v5.3
v5.3-rc1
v5.3-rc2
v5.3-rc3
v5.3-rc4
v5.3-rc5
v5.3-rc6
v5.3-rc7
v5.3-rc8
v5.4
v5.4-rc1
v5.4-rc2
v5.4-rc3
v5.4-rc4
v5.4-rc5
v5.4-rc6
v5.4-rc7
v5.4-rc8
v5.5
v5.5-rc1
v5.5-rc2
v5.5-rc3
v5.5-rc4
v5.5-rc5
v5.5-rc6
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.3
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.13.1
v6.13.2
v6.13.3
v6.13.4
v6.13.5
v6.13.6
v6.13.7
v6.14-rc1
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-21985.json"
vanir_signatures
[
{
"signature_type": "Function",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9aedc776b11038f04f4641241bb7e877781e4aa4",
"target": {
"function": "dml21_map_dc_state_into_dml_display_cfg",
"file": "drivers/gpu/drm/amd/display/dc/dml2/dml21/dml21_translation_helper.c"
},
"id": "CVE-2025-21985-1b26ba0f",
"signature_version": "v1",
"digest": {
"function_hash": "122412977014244285900934781755173685172",
"length": 3312.0
}
},
{
"signature_type": "Function",
"id": "CVE-2025-21985-b2ad542e",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9aedc776b11038f04f4641241bb7e877781e4aa4",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "populate_dml_output_cfg_from_stream_state",
"file": "drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c"
},
"digest": {
"function_hash": "39094840287275881572169778394813395297",
"length": 3030.0
}
},
{
"signature_type": "Function",
"id": "CVE-2025-21985-b72c68d0",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9aedc776b11038f04f4641241bb7e877781e4aa4",
"signature_version": "v1",
"target": {
"function": "map_dc_state_into_dml_display_cfg",
"file": "drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c"
},
"deprecated": false,
"digest": {
"function_hash": "268935313131308889637982485578304801247",
"length": 5644.0
}
},
{
"signature_type": "Line",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9aedc776b11038f04f4641241bb7e877781e4aa4",
"target": {
"file": "drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c"
},
"id": "CVE-2025-21985-d0722a3b",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"339739865176976784866709956321697718713",
"32852756141407062907605967716254374598",
"254311382076465062806316049666979150999",
"118057803952458377685111172913672426856",
"97891234608647165886891821187609666377",
"164501767684305016486224984036966823142",
"14797367903553444923684795115879730797",
"90223217137167547367061772612096729209",
"116530111518036636389834318931168513568",
"327089466627034068321886269907714729623",
"188024409797914448205443242840816154574",
"243315400538307574458137927231057425163"
]
}
},
{
"signature_type": "Line",
"target": {
"file": "drivers/gpu/drm/amd/display/dc/dml2/dml21/dml21_translation_helper.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9aedc776b11038f04f4641241bb7e877781e4aa4",
"id": "CVE-2025-21985-da91ec0e",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"148012881884539589451016793322557729633",
"185452331473314450461681333590192456142",
"53513010122954208361604198399481707251",
"101453661288003526624768626349103375951",
"178449052245558425558113777530795694382",
"178347766693079972293213283675041561711",
"9479120853192589723518513983966216482",
"242058457379009194060535208306231132059"
]
}
}
]