CVE-2025-38467

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-38467
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38467.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38467
Downstream
Related
Published
2025-07-25T15:27:49.045Z
Modified
2026-05-15T11:54:03.265461762Z
Summary
drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/exynos: exynos7drmdecon: add vblank check in IRQ handling

If there's support for another console device (such as a TTY serial), the kernel occasionally panics during boot. The panic message and a relevant snippet of the call stack is as follows:

Unable to handle kernel NULL pointer dereference at virtual address 000000000000000 Call trace: drmcrtchandlevblank+0x10/0x30 (P) deconirq_handler+0x88/0xb4 [...]

Otherwise, the panics don't happen. This indicates that it's some sort of race condition.

Add a check to validate if the drm device can handle vblanks before calling drmcrtchandle_vblank() to avoid this.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38467.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Fixed
5.4.296
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.240
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.189
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.146
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.99
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.39
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.15.7

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38467.json"