CVE-2025-21987

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: init return value in amdgpu_ttm_clear_buffer Otherwise an uninitialized value can be returned if amdgpu_res_cleared returns true for all regions. Possibly closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3812 (cherry picked from commit 7c62aacc3b452f73a1284198c81551035fac6d71)

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/5bd98c2df4a0f2e2dcbdf563feb8d348406377b5	Patch
https://git.kernel.org/stable/c/d2c9625b0ade41f9917875d88173a0cc802b95fc	Patch
https://git.kernel.org/stable/c/d3c7059b6a8600fc62cd863f1ea203b8675e63e1	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc4::::::

History

30 Oct 2025, 19:20

Type	Values Removed	Values Added
CWE		CWE-908
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: valor de retorno inicial en amdgpu_ttm_clear_buffer. De lo contrario, se puede devolver un valor no inicializado si amdgpu_res_cleared devuelve verdadero para todas las regiones. Posible cierre: https://gitlab.freedesktop.org/drm/amd/-/issues/3812 (seleccionado de la confirmación 7c62aacc3b452f73a1284198c81551035fac6d71).
CPE		cpe:2.3:o:linux:linux_kernel:6.14:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc4:::::: cpe:2.3:o:linux:linux_kernel::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
References	~~() https://git.kernel.org/stable/c/5bd98c2df4a0f2e2dcbdf563feb8d348406377b5 -~~	() https://git.kernel.org/stable/c/5bd98c2df4a0f2e2dcbdf563feb8d348406377b5 - Patch
References	~~() https://git.kernel.org/stable/c/d2c9625b0ade41f9917875d88173a0cc802b95fc -~~	() https://git.kernel.org/stable/c/d2c9625b0ade41f9917875d88173a0cc802b95fc - Patch
References	~~() https://git.kernel.org/stable/c/d3c7059b6a8600fc62cd863f1ea203b8675e63e1 -~~	() https://git.kernel.org/stable/c/d3c7059b6a8600fc62cd863f1ea203b8675e63e1 - Patch
First Time		Linux linux Kernel Linux

02 Apr 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-02 13:15

Updated : 2025-10-30 19:20

NVD link : CVE-2025-21987

Mitre link : CVE-2025-21987

CVE.ORG link : CVE-2025-21987

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-908

Use of Uninitialized Resource

5.5 /10