#VU105088 Input validation error in Linux kernel - CVE-2025-21784

Cybersecurity Help s.r.o.

Published: 2025-02-27

Vulnerability identifier: #VU105088

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21784

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the psp_init_cap_microcode() function in drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/3f40a7ff39d9f1d283d5aa9b13e2fb16200aff5f
https://git.kernel.org/stable/c/a0a455b4bc7483ad60e8b8a50330c1e05bb7bfcf
https://git.kernel.org/stable/c/d1d10bd595539ed82ab59b60249f9bdf0994f678
https://git.kernel.org/stable/c/e7eb84384335e2abf960c94ec0f8c5b835283777

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Input validation error in Linux kernel amd amdgpu driver