CVE-2025-22093: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: avoid NPD when ASIC does not support DMUB ctx->dmub_srv will de NULL if the ASIC does not support DMUB, which is tested in dm_dmub_sw_init. However, it will be dereferenced in dmub_hw_lock_mgr_cmd if should_use_dmub_lock returns true. This has been the case since dmub support has been added for PSR1. Fix this by checking for dmub_srv in should_use_dmub_lock. [ 37.440832] BUG: kernel NULL pointer dereference, address: 0000000000000058 [ 37.447808] #PF: supervisor read access in kernel mode [ 37.452959] #PF: error_code(0x0000) - not-present page [ 37.458112] PGD 0 P4D 0 [ 37.460662] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI [ 37.465553] CPU: 2 UID: 1000 PID: 1745 Comm: DrmThread Not tainted 6.14.0-rc1-00003-gd62e938120f0 #23 99720e1cb1e0fc4773b8513150932a07de3c6e88 [ 37.478324] Hardware name: Google Morphius/Morphius, BIOS Google_Morphius.13434.858.0 10/26/2023 [ 37.487103] RIP: 0010:dmub_hw_lock_mgr_cmd+0x77/0xb0 [ 37.492074] Code: 44 24 0e 00 00 00 00 48 c7 04 24 45 00 00 0c 40 88 74 24 0d 0f b6 02 88 44 24 0c 8b 01 89 44 24 08 85 f6 75 05 c6 44 24 0e 01 <48> 8b 7f 58 48 89 e6 ba 01 00 00 00 e8 08 3c 2a 00 65 48 8b 04 5 [ 37.510822] RSP: 0018:ffff969442853300 EFLAGS: 00010202 [ 37.516052] RAX: 0000000000000000 RBX: ffff92db03000000 RCX: ffff969442853358 [ 37.523185] RDX: ffff969442853368 RSI: 0000000000000001 RDI: 0000000000000000 [ 37.530322] RBP: 0000000000000001 R08: 00000000000004a7 R09: 00000000000004a5 [ 37.537453] R10: 0000000000000476 R11: 0000000000000062 R12: ffff92db0ade8000 [ 37.544589] R13: ffff92da01180ae0 R14: ffff92da011802a8 R15: ffff92db03000000 [ 37.551725] FS: 0000784a9cdfc6c0(0000) GS:ffff92db2af00000(0000) knlGS:0000000000000000 [ 37.559814] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 37.565562] CR2: 0000000000000058 CR3: 0000000112b1c000 CR4: 00000000003506f0 [ 37.572697] Call Trace: [ 37.575152] <TASK> [ 37.577258] ? __die_body+0x66/0xb0 [ 37.580756] ? page_fault_oops+0x3e7/0x4a0 [ 37.584861] ? exc_page_fault+0x3e/0xe0 [ 37.588706] ? exc_page_fault+0x5c/0xe0 [ 37.592550] ? asm_exc_page_fault+0x22/0x30 [ 37.596742] ? dmub_hw_lock_mgr_cmd+0x77/0xb0 [ 37.601107] dcn10_cursor_lock+0x1e1/0x240 [ 37.605211] program_cursor_attributes+0x81/0x190 [ 37.609923] commit_planes_for_stream+0x998/0x1ef0 [ 37.614722] update_planes_and_stream_v2+0x41e/0x5c0 [ 37.619703] dc_update_planes_and_stream+0x78/0x140 [ 37.624588] amdgpu_dm_atomic_commit_tail+0x4362/0x49f0 [ 37.629832] ? srso_return_thunk+0x5/0x5f [ 37.633847] ? mark_held_locks+0x6d/0xd0 [ 37.637774] ? _raw_spin_unlock_irq+0x24/0x50 [ 37.642135] ? srso_return_thunk+0x5/0x5f [ 37.646148] ? lockdep_hardirqs_on+0x95/0x150 [ 37.650510] ? srso_return_thunk+0x5/0x5f [ 37.654522] ? _raw_spin_unlock_irq+0x2f/0x50 [ 37.658883] ? srso_return_thunk+0x5/0x5f [ 37.662897] ? wait_for_common+0x186/0x1c0 [ 37.666998] ? srso_return_thunk+0x5/0x5f [ 37.671009] ? drm_crtc_next_vblank_start+0xc3/0x170 [ 37.675983] commit_tail+0xf5/0x1c0 [ 37.679478] drm_atomic_helper_commit+0x2a2/0x2b0 [ 37.684186] drm_atomic_commit+0xd6/0x100 [ 37.688199] ? __cfi___drm_printfn_info+0x10/0x10 [ 37.692911] drm_atomic_helper_update_plane+0xe5/0x130 [ 37.698054] drm_mode_cursor_common+0x501/0x670 [ 37.702600] ? __cfi_drm_mode_cursor_ioctl+0x10/0x10 [ 37.707572] drm_mode_cursor_ioctl+0x48/0x70 [ 37.711851] drm_ioctl_kernel+0xf2/0x150 [ 37.715781] drm_ioctl+0x363/0x590 [ 37.719189] ? __cfi_drm_mode_cursor_ioctl+0x10/0x10 [ 37.724165] amdgpu_drm_ioctl+0x41/0x80 [ 37.728013] __se_sys_ioctl+0x7f/0xd0 [ 37.731685] do_syscall_64+0x87/0x100 [ 37.735355] ? vma_end_read+0x12/0xe0 [ 37.739024] ? srso_return_thunk+0x5/0x5f [ 37.743041] ? find_held_lock+0x47/0xf0 [ 37.746884] ? vma_end_read+0x12/0xe0 [ 37.750552] ? srso_return_thunk+0x5/0 ---truncated---
AI Analysis
Technical Summary
CVE-2025-22093 is a vulnerability identified in the Linux kernel specifically related to the Direct Rendering Manager (DRM) subsystem for AMD graphics hardware. The flaw arises in the drm/amd/display driver code where a NULL pointer dereference can occur when the ASIC (Application-Specific Integrated Circuit) does not support DMUB (Display Microcontroller Unit). The vulnerability is caused by insufficient validation in the function dmub_hw_lock_mgr_cmd, which dereferences the ctx->dmub_srv pointer without confirming it is non-NULL. Although the pointer is set to NULL for unsupported ASICs in dm_dmub_sw_init, the subsequent check in should_use_dmub_lock does not verify the pointer before use, leading to a kernel NULL pointer dereference. This results in a kernel oops and system crash, as evidenced by the kernel panic logs showing supervisor read access faults and page faults at address 0x58. The issue has existed since DMUB support was introduced for PSR1 (Panel Self Refresh) and is fixed by adding a NULL check for dmub_srv in should_use_dmub_lock. The vulnerability affects multiple Linux kernel versions identified by specific commit hashes. Exploitation would cause a denial of service (DoS) by crashing the kernel, impacting system availability. There is no indication of privilege escalation or arbitrary code execution from this flaw. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability is technical and specific to AMD GPU drivers in Linux kernels that support DMUB functionality but do not properly handle unsupported ASICs.
Potential Impact
For European organizations, this vulnerability primarily poses a risk of denial of service on Linux systems running affected kernel versions with AMD GPU hardware that does not support DMUB. Organizations relying on Linux servers, workstations, or embedded devices with AMD graphics could experience unexpected kernel crashes leading to system downtime. This can disrupt critical services, especially in environments where high availability is required such as financial institutions, telecommunications, healthcare, and public sector infrastructure. Although the vulnerability does not appear to allow privilege escalation or data compromise, the loss of availability can have significant operational and reputational impacts. Systems used for graphical workloads or those utilizing DRM for display management are at risk. Given the widespread use of Linux across European enterprises and public institutions, the impact could be broad if patches are not applied promptly. However, the requirement for specific hardware conditions (AMD ASICs without DMUB support) limits the scope somewhat. The lack of known exploits reduces immediate risk, but the vulnerability should be treated seriously due to the potential for service disruption.
Mitigation Recommendations
1. Apply the official Linux kernel patches that address this vulnerability as soon as they become available from trusted sources or Linux distributions. Monitor vendor advisories for updated kernel packages. 2. For organizations using custom or embedded Linux kernels, ensure that the drm/amd/display driver code includes the NULL pointer check in should_use_dmub_lock before dereferencing dmub_srv. 3. Conduct an inventory of AMD GPU hardware in use to identify devices that do not support DMUB and prioritize patching those systems. 4. Implement robust monitoring and alerting for kernel oops or crashes related to DRM or GPU drivers to detect potential exploitation attempts or instability. 5. Where feasible, consider temporarily disabling DMUB support or related DRM features on vulnerable systems until patches are applied to reduce exposure. 6. Maintain regular backups and high availability configurations to minimize operational impact from potential DoS conditions. 7. Educate system administrators about this specific vulnerability to ensure timely response and patch management. 8. Test patches in staging environments to verify stability before deployment in production.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
CVE-2025-22093: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: avoid NPD when ASIC does not support DMUB ctx->dmub_srv will de NULL if the ASIC does not support DMUB, which is tested in dm_dmub_sw_init. However, it will be dereferenced in dmub_hw_lock_mgr_cmd if should_use_dmub_lock returns true. This has been the case since dmub support has been added for PSR1. Fix this by checking for dmub_srv in should_use_dmub_lock. [ 37.440832] BUG: kernel NULL pointer dereference, address: 0000000000000058 [ 37.447808] #PF: supervisor read access in kernel mode [ 37.452959] #PF: error_code(0x0000) - not-present page [ 37.458112] PGD 0 P4D 0 [ 37.460662] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI [ 37.465553] CPU: 2 UID: 1000 PID: 1745 Comm: DrmThread Not tainted 6.14.0-rc1-00003-gd62e938120f0 #23 99720e1cb1e0fc4773b8513150932a07de3c6e88 [ 37.478324] Hardware name: Google Morphius/Morphius, BIOS Google_Morphius.13434.858.0 10/26/2023 [ 37.487103] RIP: 0010:dmub_hw_lock_mgr_cmd+0x77/0xb0 [ 37.492074] Code: 44 24 0e 00 00 00 00 48 c7 04 24 45 00 00 0c 40 88 74 24 0d 0f b6 02 88 44 24 0c 8b 01 89 44 24 08 85 f6 75 05 c6 44 24 0e 01 <48> 8b 7f 58 48 89 e6 ba 01 00 00 00 e8 08 3c 2a 00 65 48 8b 04 5 [ 37.510822] RSP: 0018:ffff969442853300 EFLAGS: 00010202 [ 37.516052] RAX: 0000000000000000 RBX: ffff92db03000000 RCX: ffff969442853358 [ 37.523185] RDX: ffff969442853368 RSI: 0000000000000001 RDI: 0000000000000000 [ 37.530322] RBP: 0000000000000001 R08: 00000000000004a7 R09: 00000000000004a5 [ 37.537453] R10: 0000000000000476 R11: 0000000000000062 R12: ffff92db0ade8000 [ 37.544589] R13: ffff92da01180ae0 R14: ffff92da011802a8 R15: ffff92db03000000 [ 37.551725] FS: 0000784a9cdfc6c0(0000) GS:ffff92db2af00000(0000) knlGS:0000000000000000 [ 37.559814] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 37.565562] CR2: 0000000000000058 CR3: 0000000112b1c000 CR4: 00000000003506f0 [ 37.572697] Call Trace: [ 37.575152] <TASK> [ 37.577258] ? __die_body+0x66/0xb0 [ 37.580756] ? page_fault_oops+0x3e7/0x4a0 [ 37.584861] ? exc_page_fault+0x3e/0xe0 [ 37.588706] ? exc_page_fault+0x5c/0xe0 [ 37.592550] ? asm_exc_page_fault+0x22/0x30 [ 37.596742] ? dmub_hw_lock_mgr_cmd+0x77/0xb0 [ 37.601107] dcn10_cursor_lock+0x1e1/0x240 [ 37.605211] program_cursor_attributes+0x81/0x190 [ 37.609923] commit_planes_for_stream+0x998/0x1ef0 [ 37.614722] update_planes_and_stream_v2+0x41e/0x5c0 [ 37.619703] dc_update_planes_and_stream+0x78/0x140 [ 37.624588] amdgpu_dm_atomic_commit_tail+0x4362/0x49f0 [ 37.629832] ? srso_return_thunk+0x5/0x5f [ 37.633847] ? mark_held_locks+0x6d/0xd0 [ 37.637774] ? _raw_spin_unlock_irq+0x24/0x50 [ 37.642135] ? srso_return_thunk+0x5/0x5f [ 37.646148] ? lockdep_hardirqs_on+0x95/0x150 [ 37.650510] ? srso_return_thunk+0x5/0x5f [ 37.654522] ? _raw_spin_unlock_irq+0x2f/0x50 [ 37.658883] ? srso_return_thunk+0x5/0x5f [ 37.662897] ? wait_for_common+0x186/0x1c0 [ 37.666998] ? srso_return_thunk+0x5/0x5f [ 37.671009] ? drm_crtc_next_vblank_start+0xc3/0x170 [ 37.675983] commit_tail+0xf5/0x1c0 [ 37.679478] drm_atomic_helper_commit+0x2a2/0x2b0 [ 37.684186] drm_atomic_commit+0xd6/0x100 [ 37.688199] ? __cfi___drm_printfn_info+0x10/0x10 [ 37.692911] drm_atomic_helper_update_plane+0xe5/0x130 [ 37.698054] drm_mode_cursor_common+0x501/0x670 [ 37.702600] ? __cfi_drm_mode_cursor_ioctl+0x10/0x10 [ 37.707572] drm_mode_cursor_ioctl+0x48/0x70 [ 37.711851] drm_ioctl_kernel+0xf2/0x150 [ 37.715781] drm_ioctl+0x363/0x590 [ 37.719189] ? __cfi_drm_mode_cursor_ioctl+0x10/0x10 [ 37.724165] amdgpu_drm_ioctl+0x41/0x80 [ 37.728013] __se_sys_ioctl+0x7f/0xd0 [ 37.731685] do_syscall_64+0x87/0x100 [ 37.735355] ? vma_end_read+0x12/0xe0 [ 37.739024] ? srso_return_thunk+0x5/0x5f [ 37.743041] ? find_held_lock+0x47/0xf0 [ 37.746884] ? vma_end_read+0x12/0xe0 [ 37.750552] ? srso_return_thunk+0x5/0 ---truncated---
AI-Powered Analysis
Technical Analysis
CVE-2025-22093 is a vulnerability identified in the Linux kernel specifically related to the Direct Rendering Manager (DRM) subsystem for AMD graphics hardware. The flaw arises in the drm/amd/display driver code where a NULL pointer dereference can occur when the ASIC (Application-Specific Integrated Circuit) does not support DMUB (Display Microcontroller Unit). The vulnerability is caused by insufficient validation in the function dmub_hw_lock_mgr_cmd, which dereferences the ctx->dmub_srv pointer without confirming it is non-NULL. Although the pointer is set to NULL for unsupported ASICs in dm_dmub_sw_init, the subsequent check in should_use_dmub_lock does not verify the pointer before use, leading to a kernel NULL pointer dereference. This results in a kernel oops and system crash, as evidenced by the kernel panic logs showing supervisor read access faults and page faults at address 0x58. The issue has existed since DMUB support was introduced for PSR1 (Panel Self Refresh) and is fixed by adding a NULL check for dmub_srv in should_use_dmub_lock. The vulnerability affects multiple Linux kernel versions identified by specific commit hashes. Exploitation would cause a denial of service (DoS) by crashing the kernel, impacting system availability. There is no indication of privilege escalation or arbitrary code execution from this flaw. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability is technical and specific to AMD GPU drivers in Linux kernels that support DMUB functionality but do not properly handle unsupported ASICs.
Potential Impact
For European organizations, this vulnerability primarily poses a risk of denial of service on Linux systems running affected kernel versions with AMD GPU hardware that does not support DMUB. Organizations relying on Linux servers, workstations, or embedded devices with AMD graphics could experience unexpected kernel crashes leading to system downtime. This can disrupt critical services, especially in environments where high availability is required such as financial institutions, telecommunications, healthcare, and public sector infrastructure. Although the vulnerability does not appear to allow privilege escalation or data compromise, the loss of availability can have significant operational and reputational impacts. Systems used for graphical workloads or those utilizing DRM for display management are at risk. Given the widespread use of Linux across European enterprises and public institutions, the impact could be broad if patches are not applied promptly. However, the requirement for specific hardware conditions (AMD ASICs without DMUB support) limits the scope somewhat. The lack of known exploits reduces immediate risk, but the vulnerability should be treated seriously due to the potential for service disruption.
Mitigation Recommendations
1. Apply the official Linux kernel patches that address this vulnerability as soon as they become available from trusted sources or Linux distributions. Monitor vendor advisories for updated kernel packages. 2. For organizations using custom or embedded Linux kernels, ensure that the drm/amd/display driver code includes the NULL pointer check in should_use_dmub_lock before dereferencing dmub_srv. 3. Conduct an inventory of AMD GPU hardware in use to identify devices that do not support DMUB and prioritize patching those systems. 4. Implement robust monitoring and alerting for kernel oops or crashes related to DRM or GPU drivers to detect potential exploitation attempts or instability. 5. Where feasible, consider temporarily disabling DMUB support or related DRM features on vulnerable systems until patches are applied to reduce exposure. 6. Maintain regular backups and high availability configurations to minimize operational impact from potential DoS conditions. 7. Educate system administrators about this specific vulnerability to ensure timely response and patch management. 8. Test patches in staging environments to verify stability before deployment in production.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-12-29T08:45:45.818Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9832c4522896dcbe80c5
Added to database: 5/21/2025, 9:09:06 AM
Last enriched: 7/3/2025, 9:11:27 PM
Last updated: 8/15/2025, 6:49:51 AM
Views: 11
Related Threats
Researcher to release exploit for full auth bypass on FortiWeb
HighCVE-2025-9091: Hard-coded Credentials in Tenda AC20
LowCVE-2025-9090: Command Injection in Tenda AC20
MediumCVE-2025-9092: CWE-400 Uncontrolled Resource Consumption in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0
LowCVE-2025-9089: Stack-based Buffer Overflow in Tenda AC20
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.