Linux Kernel up to 6.15-rc5 dml2_validate allocation of resources

Summaryinfo

A vulnerability has been found in Linux Kernel up to 6.12.28/6.14.6/6.15-rc1/6.15-rc2/6.15-rc5 and classified as problematic. The impacted element is the function dml2_validate. The manipulation leads to allocation of resources. This vulnerability is uniquely identified as CVE-2025-37965. No exploit exists. The affected component should be upgraded.

Detailsinfo

A vulnerability was found in Linux Kernel up to 6.12.28/6.14.6/6.15-rc1/6.15-rc2/6.15-rc5 and classified as problematic. This issue affects the function dml2_validate. The manipulation with an unknown input leads to a allocation of resources vulnerability. Using CWE to declare the problem leads to CWE-770. The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor. The impact remains unknown. The summary by CVE is:

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix invalid context error in dml helper [Why] "BUG: sleeping function called from invalid context" error. after: "drm/amd/display: Protect FPU in dml2_validate()/dml21_validate()" The populate_dml_plane_cfg_from_plane_state() uses the GFP_KERNEL flag for memory allocation, which shouldn't be used in atomic contexts. The allocation is needed only for using another helper function get_scaler_data_for_plane(). [How] Modify helpers to pass a pointer to scaler_data within existing context, eliminating the need for dynamic memory allocation/deallocation and copying. (cherry picked from commit bd3e84bc98f81b44f2c43936bdadc3241d654259)

It is possible to read the advisory at git.kernel.org. The identification of this vulnerability is CVE-2025-37965 since 04/16/2025. Technical details of the vulnerability are known, but there is no available exploit.

The vulnerability scanner Nessus provides a plugin with the ID 242347 (Oracle Linux 9 : Unbreakable Enterprise kernel (ELSA-2025-20480)), which helps to determine the existence of the flaw in a target environment.

Upgrading to version 6.12.29, 6.14.7, 6.15-rc2 or 6.15-rc6 eliminates this vulnerability. Applying the patch d8c4afe78385cd355e4d80299d785379d6e874df/b371f8f6d89ec8dfea796e00a44a57c44fc8fcc0/9984db63742099ee3f3cff35cf71306d10e64356 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the databases at Tenable (242347) and CERT Bund (WID-SEC-2025-1114). Be aware that VulDB is the high quality source for vulnerability data.

Affected

• Debian Linux
• Amazon Linux 2
• Red Hat Enterprise Linux
• Ubuntu Linux
• SUSE Linux
• Oracle Linux
• SUSE openSUSE
• Dell Avamar
• Open Source Linux Kernel
• Dell NetWorker
• Dell Secure Connect Gateway

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 6.12.0
• 6.12.1
• 6.12.2
• 6.12.3
• 6.12.4
• 6.12.5
• 6.12.6
• 6.12.7
• 6.12.8
• 6.12.9
• 6.12.10
• 6.12.11
• 6.12.12
• 6.12.13
• 6.12.14
• 6.12.15
• 6.12.16
• 6.12.17
• 6.12.18
• 6.12.19
• 6.12.20
• 6.12.21
• 6.12.22
• 6.12.23
• 6.12.24
• 6.12.25
• 6.12.26
• 6.12.27
• 6.12.28
• 6.14.0
• 6.14.1
• 6.14.2
• 6.14.3
• 6.14.4
• 6.14.5
• 6.14.6
• 6.15-rc1
• 6.15-rc2
• 6.15-rc3
• 6.15-rc4
• 6.15-rc5

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion