CVE-2025-21968
AMD Display Slab-Use-After-Free Vulnerability
Description
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix slab-use-after-free on hdcp_work [Why] A slab-use-after-free is reported when HDCP is destroyed but the property_validate_dwork queue is still running. [How] Cancel the delayed work when destroying workqueue. (cherry picked from commit 725a04ba5a95e89c89633d4322430cfbca7ce128)
INFO
Published Date :
April 1, 2025, 4:15 p.m.
Last Modified :
April 14, 2025, 12:37 p.m.
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable :
No
Impact Score :
5.9
Exploitability Score :
1.8
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-21968.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-21968 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2025-21968 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Apr. 14, 2025
Action Type Old Value New Value Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Added CWE CWE-416 Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.14:rc5:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.14:rc6:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.84 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.12.20 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.13 up to (excluding) 6.13.8 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.236 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.180 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.132 Added Reference Type kernel.org: https://git.kernel.org/stable/c/06acfdef370ae018dad9592369e2d2fd9a40c09e Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/1397715b011bcdc6ad91b17df7acaee301e89db5 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/378b361e2e30e9729f9a7676f7926868d14f4326 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/4964dbc4191ab436877a5e3ecd9c67a4e50b7c36 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/93d701064e56788663d7c5918fbe5e060d5df587 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/bac7b8b1a3f1a86eeec85835af106cbdc2b9d9f7 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/e65e7bea220c3ce8c4c793b4ba35557f4994ab2b Types: Patch -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Apr. 10, 2025
Action Type Old Value New Value Added Reference https://git.kernel.org/stable/c/06acfdef370ae018dad9592369e2d2fd9a40c09e Added Reference https://git.kernel.org/stable/c/1397715b011bcdc6ad91b17df7acaee301e89db5 -
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Apr. 01, 2025
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix slab-use-after-free on hdcp_work [Why] A slab-use-after-free is reported when HDCP is destroyed but the property_validate_dwork queue is still running. [How] Cancel the delayed work when destroying workqueue. (cherry picked from commit 725a04ba5a95e89c89633d4322430cfbca7ce128) Added Reference https://git.kernel.org/stable/c/378b361e2e30e9729f9a7676f7926868d14f4326 Added Reference https://git.kernel.org/stable/c/4964dbc4191ab436877a5e3ecd9c67a4e50b7c36 Added Reference https://git.kernel.org/stable/c/93d701064e56788663d7c5918fbe5e060d5df587 Added Reference https://git.kernel.org/stable/c/bac7b8b1a3f1a86eeec85835af106cbdc2b9d9f7 Added Reference https://git.kernel.org/stable/c/e65e7bea220c3ce8c4c793b4ba35557f4994ab2b
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-21968 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-21968
weaknesses.