CVE-2025-39675 in Linux
Summary
by MITRE • 09/05/2025
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session()
The function mod_hdcp_hdcp1_create_session() calls the function get_first_active_display(), but does not check its return value. The return value is a null pointer if the display list is empty. This will lead to a null pointer dereference.
Add a null pointer check for get_first_active_display() and return MOD_HDCP_STATUS_DISPLAY_NOT_FOUND if the function return null.
This is similar to the commit c3e9826a2202 ("drm/amd/display: Add null pointer check for get_first_active_display()").
(cherry picked from commit 5e43eb3cd731649c4f8b9134f857be62a416c893)
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 02/09/2026
The vulnerability identified as CVE-2025-39675 resides within the Linux kernel's AMD display subsystem, specifically affecting the drm/amd/display driver component. This issue manifests as a null pointer dereference condition that occurs during HDCP1 session creation processes. The flaw is particularly significant as it impacts the secure transmission of display content through the HDCP (High-bandwidth Digital Content Protection) protocol, which is essential for protecting copyrighted digital media from unauthorized copying during transmission between devices.
The technical implementation of this vulnerability stems from insufficient input validation within the mod_hdcp_hdcp1_create_session() function. This function invokes get_first_active_display() to retrieve the first active display from a display list, but fails to validate whether the returned pointer is null. When the display list contains no active displays, get_first_active_display() properly returns a null pointer, which then gets dereferenced by the calling function without proper null checking. This represents a classic null pointer dereference vulnerability that can lead to kernel crashes and system instability.
The operational impact of this vulnerability extends beyond simple system crashes, as it could potentially be exploited to cause denial of service conditions within systems utilizing AMD graphics hardware. The vulnerability affects any system running a Linux kernel version that includes the affected drm/amd/display driver code, particularly those implementing HDCP1 content protection mechanisms. Attackers could potentially trigger this condition through malformed display configurations or by manipulating display enumeration processes, leading to system hangs or reboots that could disrupt legitimate user activities.
The fix implemented for this vulnerability follows established security best practices by adding a null pointer check immediately after the get_first_active_display() function call. When the function returns null, the code now properly returns MOD_HDCP_STATUS_DISPLAY_NOT_FOUND instead of attempting to dereference the null pointer. This approach aligns with the principle of defensive programming and follows the same remediation pattern established in a previous commit c3e9826a2202, demonstrating consistent security hardening across the codebase. The solution maintains the intended functionality while preventing the kernel crash condition through proper error handling.
This vulnerability classification aligns with CWE-476 which identifies null pointer dereference as a common software weakness, and can be mapped to ATT&CK technique T1499.004 which covers network denial of service through system resource exhaustion. The fix represents a fundamental security improvement that prevents potential exploitation through kernel memory corruption, which could theoretically be extended to more sophisticated attack vectors if combined with other vulnerabilities. The remediation approach also reflects the importance of proper input validation and error handling in kernel space code, where such issues can have cascading effects on system stability and security posture.