CVE-2025-38597

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38597
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38597.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38597
Downstream
Related
Published
2025-08-19T17:03:32Z
Modified
2025-10-18T04:50:04.992188Z
Summary
drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port

Each window of a vop2 is usable by a specific set of video ports, so while binding the vop2, we look through the list of available windows trying to find one designated as primary-plane and usable by that specific port.

The code later wants to use drmcrtcinitwithplanes with that found primary plane, but nothing has checked so far if a primary plane was actually found.

For whatever reason, the rk3576 vp2 does not have a usable primary window (if vp0 is also in use) which brought the issue to light and ended in a null-pointer dereference further down.

As we expect a primary-plane to exist for a video-port, add a check at the end of the window-iteration and fail probing if none was found.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
604be85547ce4d61b89292d2f9a78c721b778c16
Fixed
e1eef239399927b368f70a716044fb10085627c8
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
604be85547ce4d61b89292d2f9a78c721b778c16
Fixed
38682edbbad272b5f8c7bf55128b42cd10626f73
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
604be85547ce4d61b89292d2f9a78c721b778c16
Fixed
f9f68bf1d0efeadb6c427c9dbb30f307a7def19b

Affected versions

v5.*

v5.18
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.15.1
v6.15.2
v6.15.3
v6.15.4
v6.15.5
v6.15.6
v6.15.7
v6.15.8
v6.15.9
v6.16
v6.16-rc1
v6.16-rc2
v6.16-rc3
v6.16-rc4
v6.16-rc5
v6.16-rc6
v6.16-rc7
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "target": {
            "file": "drivers/gpu/drm/rockchip/rockchip_drm_vop2.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f9f68bf1d0efeadb6c427c9dbb30f307a7def19b",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "225840960955458956323245667207998313458",
                "75407180318704451699303769443305508093",
                "192742391956018977754974215102531043252",
                "230034558521833301545150273380128962591"
            ]
        },
        "deprecated": false,
        "id": "CVE-2025-38597-0b6454b2",
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "target": {
            "function": "vop2_create_crtcs",
            "file": "drivers/gpu/drm/rockchip/rockchip_drm_vop2.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@38682edbbad272b5f8c7bf55128b42cd10626f73",
        "digest": {
            "length": 3189.0,
            "function_hash": "193686036182207251414428355979161457413"
        },
        "deprecated": false,
        "id": "CVE-2025-38597-39c9a06f",
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "target": {
            "function": "vop2_create_crtcs",
            "file": "drivers/gpu/drm/rockchip/rockchip_drm_vop2.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f9f68bf1d0efeadb6c427c9dbb30f307a7def19b",
        "digest": {
            "length": 3189.0,
            "function_hash": "193686036182207251414428355979161457413"
        },
        "deprecated": false,
        "id": "CVE-2025-38597-6c5905aa",
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "drivers/gpu/drm/rockchip/rockchip_drm_vop2.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e1eef239399927b368f70a716044fb10085627c8",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "225840960955458956323245667207998313458",
                "75407180318704451699303769443305508093",
                "192742391956018977754974215102531043252",
                "230034558521833301545150273380128962591"
            ]
        },
        "deprecated": false,
        "id": "CVE-2025-38597-720b0956",
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "target": {
            "function": "vop2_create_crtcs",
            "file": "drivers/gpu/drm/rockchip/rockchip_drm_vop2.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e1eef239399927b368f70a716044fb10085627c8",
        "digest": {
            "length": 3189.0,
            "function_hash": "193686036182207251414428355979161457413"
        },
        "deprecated": false,
        "id": "CVE-2025-38597-7f9c26d9",
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "drivers/gpu/drm/rockchip/rockchip_drm_vop2.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@38682edbbad272b5f8c7bf55128b42cd10626f73",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "225840960955458956323245667207998313458",
                "75407180318704451699303769443305508093",
                "192742391956018977754974215102531043252",
                "230034558521833301545150273380128962591"
            ]
        },
        "deprecated": false,
        "id": "CVE-2025-38597-85a8e1a5",
        "signature_type": "Line"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.19.0
Fixed
6.15.10
Type
ECOSYSTEM
Events
Introduced
6.16.0
Fixed
6.16.1