CVE-2025-21747 in Linuxinfo

Summary

by MITRE • 02/27/2025

In the Linux kernel, the following vulnerability has been resolved:

drm/ast: astdp: Fix timeout for enabling video signal

The ASTDP transmitter sometimes takes up to 1 second for enabling the video signal, while the timeout is only 200 msec. This results in a kernel error message. Increase the timeout to 1 second. An example of the error message is shown below.

[ 697.084433] ------------[ cut here ]------------
[ 697.091115] ast 0000:02:00.0: [drm] drm_WARN_ON(!__ast_dp_wait_enable(ast, enabled))
[ 697.091233] WARNING: CPU: 1 PID: 160 at drivers/gpu/drm/ast/ast_dp.c:232 ast_dp_set_enable+0x123/0x140 [ast]
[...]
[ 697.272469] RIP: 0010:ast_dp_set_enable+0x123/0x140 [ast]
[...]
[ 697.415283] Call Trace:
[ 697.420727] <TASK>
[ 697.425908] ? show_trace_log_lvl+0x196/0x2c0
[ 697.433304] ? show_trace_log_lvl+0x196/0x2c0
[ 697.440693] ? drm_atomic_helper_commit_modeset_enables+0x30a/0x470
[ 697.450115] ? ast_dp_set_enable+0x123/0x140 [ast]
[ 697.458059] ? __warn.cold+0xaf/0xca
[ 697.464713] ? ast_dp_set_enable+0x123/0x140 [ast]
[ 697.472633] ? report_bug+0x134/0x1d0
[ 697.479544] ? handle_bug+0x58/0x90
[ 697.486127] ? exc_invalid_op+0x13/0x40
[ 697.492975] ? asm_exc_invalid_op+0x16/0x20
[ 697.500224] ? preempt_count_sub+0x14/0xc0
[ 697.507473] ? ast_dp_set_enable+0x123/0x140 [ast]
[ 697.515377] ? ast_dp_set_enable+0x123/0x140 [ast]
[ 697.523227] drm_atomic_helper_commit_modeset_enables+0x30a/0x470
[ 697.532388] drm_atomic_helper_commit_tail+0x58/0x90
[ 697.540400] ast_mode_config_helper_atomic_commit_tail+0x30/0x40 [ast]
[ 697.550009] commit_tail+0xfe/0x1d0
[ 697.556547] drm_atomic_helper_commit+0x198/0x1c0

This is a cosmetical problem. Enabling the video signal still works even with the error message. The problem has always been present, but only recent versions of the ast driver warn about missing the timeout.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 05/25/2026

The vulnerability CVE-2025-21747 addresses a timing issue within the Linux kernel's direct rendering manager implementation for AST (Astoria) display processors. This flaw specifically affects the ast_dp_set_enable function in the ast_dp.c driver file, where the system encounters a timeout condition when attempting to enable video signals through the ASTDP transmitter. The root cause stems from an insufficient timeout value of 200 milliseconds, which cannot accommodate the actual time required by certain hardware implementations that may take up to one second to complete the enabling process. This discrepancy triggers kernel warning messages and can potentially disrupt display output initialization sequences.

The technical implementation reveals that the driver performs a wait operation using the __ast_dp_wait_enable helper function, which is designed to monitor the completion status of video signal enabling. When the actual hardware response exceeds the configured 200 millisecond threshold, the drm_WARN_ON macro triggers a kernel warning, indicating that the expected condition was not met. The error trace shows this failure occurs during the drm_atomic_helper_commit_modeset_enables function call chain, which is part of the standard display mode setting process in the DRM subsystem. This particular code path demonstrates a classic race condition or timing synchronization problem where software assumptions about hardware behavior do not align with actual implementation characteristics.

From an operational standpoint, this vulnerability represents a low-severity issue that manifests primarily as cosmetic warning messages rather than functional failures. The kernel continues to operate normally and successfully enables the video signal despite the timeout warning, making this more of an annoyance than a critical system failure. However, the presence of these warnings can complicate system diagnostics and may mask other underlying issues during troubleshooting. The vulnerability has existed for some time but only became apparent in recent driver versions due to enhanced warning mechanisms that were not present in earlier implementations. This aligns with CWE-674 principle of "Uncontrolled Resource Consumption" and potentially relates to CWE-362, which addresses race conditions in concurrent systems.

The mitigation strategy involves increasing the timeout value from 200 milliseconds to 1000 milliseconds to properly accommodate the actual hardware response times. This change ensures that legitimate hardware behavior does not trigger unnecessary warnings while maintaining system stability. The fix follows established best practices for handling hardware timing variations in kernel drivers and aligns with ATT&CK technique T1547.001 for system modification through kernel-level changes. Organizations should apply this patch to ensure clean system logs and prevent potential confusion during debugging operations. The solution maintains backward compatibility while addressing the specific timing mismatch between software expectations and hardware realities. This type of fix demonstrates proper defensive programming practices where software components account for the full range of possible hardware behaviors rather than assuming fixed response times.

Responsible

Linux

Reservation

12/29/2024

Disclosure

02/27/2025

Moderation

accepted

CPE

ready

EPSS

0.00163

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!