CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-21780: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()

It malicious user provides a small pptable through sysfs and then
a bigger pptable, it may cause buffer overflow attack in function
smu_sys_set_pp_table().

Classification

CVE ID: CVE-2025-21780

Affected Products

Vendor: Linux, Linux

Product: Linux, Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 1.82% (scored less or equal to compared to others)

EPSS Date: 2025-03-27 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-21780
https://git.kernel.org/stable/c/3484ea33157bc7334f57e64826ec5a4bf992151a
https://git.kernel.org/stable/c/e43a8b9c4d700ffec819c5043a48769b3e7d9cab
https://git.kernel.org/stable/c/2498d2db1d35e88a2060ea191ae75dce853dd084
https://git.kernel.org/stable/c/231075c5a8ea54f34b7c4794687baa980814e6de
https://git.kernel.org/stable/c/1abb2648698bf10783d2236a6b4a7ca5e8021699

Timeline

2025-02-27 03:40:40 UTC
CVE

drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()