CVE-2025-21780 in Linux
Summary
by MITRE • 02/27/2025
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()
It malicious user provides a small pptable through sysfs and then a bigger pptable, it may cause buffer overflow attack in function smu_sys_set_pp_table().
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 05/25/2026
The vulnerability identified as CVE-2025-21780 resides within the Linux kernel's amdgpu display driver subsystem, specifically in the smu_sys_set_pp_table() function that handles power play table operations for AMD GPU devices. This buffer overflow vulnerability represents a critical security flaw that could potentially allow privilege escalation or system compromise when exploited by malicious actors. The issue manifests when a user with access to sysfs interfaces can manipulate power play table data through the /sys/class/drm/cardX/device/pp_table/ path, creating a scenario where initial small table data can be followed by larger table data that exceeds allocated buffer boundaries.
The technical flaw stems from inadequate input validation and buffer size checking within the smu_sys_set_pp_table() function implementation. When a malicious user first provides a small power play table through sysfs interface, the system allocates memory based on this initial size. Subsequently, when a larger power play table is provided, the function fails to properly validate that the new data size does not exceed the originally allocated buffer space. This classic buffer overflow condition occurs because the system does not enforce proper bounds checking between the initial allocation and subsequent data writes, allowing data to overflow into adjacent memory regions. The vulnerability specifically affects the AMD GPU power management subsystem where the system manages performance states and power configurations through these sysfs interfaces.
The operational impact of this vulnerability extends beyond simple memory corruption, as it creates potential attack vectors for privilege escalation within the Linux kernel environment. An attacker with local access to the system could exploit this vulnerability to execute arbitrary code with kernel privileges, potentially leading to complete system compromise. The attack requires local user access to the sysfs interfaces but does not necessitate elevated privileges initially, making it particularly dangerous in multi-user environments where unprivileged users might have access to GPU-related sysfs entries. This vulnerability affects all Linux kernel versions that include the affected amdgpu driver code, particularly those supporting AMD GPU hardware with power management capabilities.
Mitigation strategies for CVE-2025-21780 should focus on implementing proper bounds checking and input validation within the smu_sys_set_pp_table() function. The recommended approach involves enforcing strict size validation before any data copy operations and ensuring that buffer allocations accommodate the maximum possible table sizes. Security patches should include validation logic that prevents subsequent data writes from exceeding allocated buffer boundaries, potentially implementing dynamic buffer reallocation when necessary or applying strict size limits to prevent overflow conditions. System administrators should also consider restricting access to the affected sysfs interfaces through file system permissions and monitoring for suspicious activity in GPU power management related directories. This vulnerability aligns with CWE-121 as a buffer overflow condition and could be categorized under ATT&CK technique T1068 for bypassing system protections, though the specific attack vector requires local user access to exploit effectively.