CVE-2025-21747: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

drm/ast: astdp: Fix timeout for enabling video signal

The ASTDP transmitter sometimes takes up to 1 second for enabling the video signal, while the timeout is only 200 msec. This results in a kernel error message. Increase the timeout to 1 second. An example of the error message is shown below.

[ 697.084433] ------------[ cut here ]------------
[ 697.091115] ast 0000:02:00.0: [drm] drm_WARN_ON(!__ast_dp_wait_enable(ast, enabled))
[ 697.091233] WARNING: CPU: 1 PID: 160 at drivers/gpu/drm/ast/ast_dp.c:232 ast_dp_set_enable+0x123/0x140 [ast]
[...]
[ 697.272469] RIP: 0010:ast_dp_set_enable+0x123/0x140 [ast]
[...]
[ 697.415283] Call Trace:
[ 697.420727] <TASK>
[ 697.425908] ? show_trace_log_lvl+0x196/0x2c0
[ 697.433304] ? show_trace_log_lvl+0x196/0x2c0
[ 697.440693] ? drm_atomic_helper_commit_modeset_enables+0x30a/0x470
[ 697.450115] ? ast_dp_set_enable+0x123/0x140 [ast]
[ 697.458059] ? __warn.cold+0xaf/0xca
[ 697.464713] ? ast_dp_set_enable+0x123/0x140 [ast]
[ 697.472633] ? report_bug+0x134/0x1d0
[ 697.479544] ? handle_bug+0x58/0x90
[ 697.486127] ? exc_invalid_op+0x13/0x40
[ 697.492975] ? asm_exc_invalid_op+0x16/0x20
[ 697.500224] ? preempt_count_sub+0x14/0xc0
[ 697.507473] ? ast_dp_set_enable+0x123/0x140 [ast]
[ 697.515377] ? ast_dp_set_enable+0x123/0x140 [ast]
[ 697.523227] drm_atomic_helper_commit_modeset_enables+0x30a/0x470
[ 697.532388] drm_atomic_helper_commit_tail+0x58/0x90
[ 697.540400] ast_mode_config_helper_atomic_commit_tail+0x30/0x40 [ast]
[ 697.550009] commit_tail+0xfe/0x1d0
[ 697.556547] drm_atomic_helper_commit+0x198/0x1c0

This is a cosmetical problem. Enabling the video signal still works even with the error message. The problem has always been present, but only recent versions of the ast driver warn about missing the timeout.
AI Analysis
Technical Summary
CVE-2025-21747 addresses a vulnerability in the Linux kernel's AST DisplayPort (ast_dp) driver, specifically related to the timeout value used when enabling the video signal. The ASTDP transmitter sometimes requires up to 1 second to enable the video signal, but the driver was configured with a timeout of only 200 milliseconds. This mismatch causes the driver to emit kernel warning messages indicating a timeout failure, although the video signal eventually enables successfully. The issue is rooted in the drm/ast driver code where the timeout for enabling the video signal was insufficient, leading to false-positive kernel error logs. The patch increases the timeout to 1 second to align with the actual hardware behavior, eliminating these erroneous warnings. Importantly, this vulnerability is cosmetic in nature; it does not affect the actual functionality or security of the video signal enabling process. The problem has existed for some time but only recent versions of the ast driver produce these warnings. There is no evidence of exploitation in the wild, and no direct impact on confidentiality, integrity, or availability of the system. The vulnerability does not require authentication or user interaction to manifest, but it does not represent a security risk beyond generating misleading kernel logs.
Potential Impact
For European organizations, the impact of CVE-2025-21747 is minimal from a security perspective. The vulnerability causes kernel warning messages that may confuse system administrators or trigger unnecessary alerts in monitoring systems, potentially leading to wasted troubleshooting efforts. However, it does not compromise system security, data confidentiality, or availability. Organizations relying on Linux systems with AST graphics hardware might observe these warnings in system logs, but no functional degradation or security breach is expected. The main operational impact is cosmetic and related to system log noise rather than any exploitable flaw. Therefore, the risk to European enterprises, including critical infrastructure or sensitive environments, is negligible. Nonetheless, maintaining clean and accurate system logs is important for operational security hygiene and incident response, so addressing this issue is beneficial.
Mitigation Recommendations
The primary mitigation is to apply the updated Linux kernel patch that increases the timeout for enabling the video signal from 200 milliseconds to 1 second in the ast_dp driver. This patch eliminates the false timeout warnings and aligns the driver behavior with the hardware characteristics. Organizations should ensure their Linux distributions or kernel versions include this fix. For environments where immediate patching is not feasible, administrators can suppress or filter the specific kernel warning messages to reduce log noise temporarily. Monitoring and alerting rules should be adjusted to avoid false positives triggered by this known benign warning. Additionally, organizations should maintain an up-to-date inventory of hardware using AST graphics and verify kernel versions to prioritize patch deployment. Since this is a cosmetic issue, no further security controls or mitigations are necessary.
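The alert-rule adjustment recommended above, as an added example (not part of the original advisory or the kernel tree): a Python triage function that labels a kernel WARN block as the known-benign ASTDP timeout only when the source file, function, module and WARN_ON condition all match the excerpt in the description, so every other warning still alerts. The second and third sample blocks, and the names `demo_probe`, `demo_other_fn` and `drivers/example/demo.c`, are constructed.

```python
import re

CUT_HERE = "------------[ cut here ]------------"
STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # dmesg timestamp prefix
WARNING = re.compile(r"WARNING: CPU: \d+ PID: \d+ at (?P<file>\S+):\d+ "
                     r"(?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(?P<mod>\w+)\])?")
# Signature taken from the log excerpt in the description. The source line
# number (232) is left out on purpose: it shifts between kernel versions.
BENIGN = {"file": "drivers/gpu/drm/ast/ast_dp.c", "func": "ast_dp_set_enable", "mod": "ast"}
BENIGN_COND = "drm_WARN_ON(!__ast_dp_wait_enable(ast, enabled))"

# Block 1 reuses lines from the description; blocks 2 and 3 are constructed.
SAMPLE = """\
[ 697.084433] ------------[ cut here ]------------
[ 697.091115] ast 0000:02:00.0: [drm] drm_WARN_ON(!__ast_dp_wait_enable(ast, enabled))
[ 697.091233] WARNING: CPU: 1 PID: 160 at drivers/gpu/drm/ast/ast_dp.c:232 ast_dp_set_enable+0x123/0x140 [ast]
[ 697.556547] drm_atomic_helper_commit+0x198/0x1c0
[ 701.000001] ------------[ cut here ]------------
[ 701.000002] WARNING: CPU: 0 PID: 42 at drivers/example/demo.c:10 demo_probe+0x10/0x20 [demo]
[ 701.000003] ---[ end trace 0000000000000000 ]---
[ 702.000001] ------------[ cut here ]------------
[ 702.000002] WARNING: CPU: 0 PID: 43 at drivers/gpu/drm/ast/ast_dp.c:99 demo_other_fn+0x10/0x20 [ast]
"""

def warn_blocks(text):
    """Split a dmesg dump into WARN blocks, each opened by a 'cut here' marker."""
    blocks, current = [], None
    for line in (STAMP.sub("", raw.strip()) for raw in text.splitlines()):
        if line == CUT_HERE:
            current = []
            blocks.append(current)
        elif line.startswith("---[ end trace"):
            current = None          # lines after the trace belong to no block
        elif current is not None:
            current.append(line)
    return blocks

def classify(block):
    """Benign only if file, function, module and WARN_ON condition all match."""
    hit = next(filter(None, map(WARNING.search, block)), None)
    if (hit and all(hit.group(k) == v for k, v in BENIGN.items())
            and any(BENIGN_COND in line for line in block)):
        return "benign:CVE-2025-21747"
    return "alert"

def triage(text):
    return [classify(block) for block in warn_blocks(text)]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The third sample block comes from the same source file and module but a different function, and it still alerts; matching on the module name alone would have hidden it.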
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden, Belgium, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-12-29T08:45:45.758Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9832c4522896dcbe8697
Added to database: 5/21/2025, 9:09:06 AM
Last enriched: 6/30/2025, 8:43:06 AM
Last updated: 8/18/2025, 11:28:39 PM