CVE-2025-37852

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() Add error handling to propagate amdgpu_cgs_create_device() failures to the caller. When amdgpu_cgs_create_device() fails, release hwmgr and return -ENOMEM to prevent null pointer dereference. [v1]->[v2]: Change error code from -EINVAL to -ENOMEM. Free hwmgr.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/1435e895d4fc967d64e9f5bf81e992ac32f5ac76	Patch
https://git.kernel.org/stable/c/22ea19cc089013b55c240134dbb2797700ff5a6a	Patch
https://git.kernel.org/stable/c/55ef52c30c3e747f145a64de96192e37a8fed670	Patch
https://git.kernel.org/stable/c/b784734811438f11533e2fb9e0deb327844bdb56	Patch
https://git.kernel.org/stable/c/dc4380f34613eaae997b3ed263bd1cb3d0fd0075	Patch
https://git.kernel.org/stable/c/f8693e1bae9c08233a2f535c3f412e157df32b33	Patch
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html	Mailing List

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

17 Nov 2025, 12:52

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/1435e895d4fc967d64e9f5bf81e992ac32f5ac76 -~~	() https://git.kernel.org/stable/c/1435e895d4fc967d64e9f5bf81e992ac32f5ac76 - Patch
References	~~() https://git.kernel.org/stable/c/22ea19cc089013b55c240134dbb2797700ff5a6a -~~	() https://git.kernel.org/stable/c/22ea19cc089013b55c240134dbb2797700ff5a6a - Patch
References	~~() https://git.kernel.org/stable/c/55ef52c30c3e747f145a64de96192e37a8fed670 -~~	() https://git.kernel.org/stable/c/55ef52c30c3e747f145a64de96192e37a8fed670 - Patch
References	~~() https://git.kernel.org/stable/c/b784734811438f11533e2fb9e0deb327844bdb56 -~~	() https://git.kernel.org/stable/c/b784734811438f11533e2fb9e0deb327844bdb56 - Patch
References	~~() https://git.kernel.org/stable/c/dc4380f34613eaae997b3ed263bd1cb3d0fd0075 -~~	() https://git.kernel.org/stable/c/dc4380f34613eaae997b3ed263bd1cb3d0fd0075 - Patch
References	~~() https://git.kernel.org/stable/c/f8693e1bae9c08233a2f535c3f412e157df32b33 -~~	() https://git.kernel.org/stable/c/f8693e1bae9c08233a2f535c3f412e157df32b33 - Patch
References	~~() https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html -~~	() https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html - Mailing List
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:o:linux:linux_kernel::::::::
CWE		CWE-476
First Time		Linux Debian Debian debian Linux Linux linux Kernel

03 Nov 2025, 20:18

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html -

12 May 2025, 17:32

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: manejo de errores de amdgpu_cgs_create_device() en amd_powerplay_create(). Se ha añadido el manejo de errores para propagar los fallos de amdgpu_cgs_create_device() al llamador. Cuando amdgpu_cgs_create_device() falla, se libera hwmgr y se devuelve -ENOMEM para evitar la desreferencia de punteros nulos. [v1]->[v2]: Se ha cambiado el código de error de -EINVAL a -ENOMEM. Se ha liberado hwmgr.

09 May 2025, 07:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-09 07:16

Updated : 2025-11-17 12:52

NVD link : CVE-2025-37852

Mitre link : CVE-2025-37852

CVE.ORG link : CVE-2025-37852

JSON object : View

Products Affected

debian

debian_linux

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10