CVE-2025-39807
- Source
- https://cve.org/CVERecord?id=CVE-2025-39807
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39807.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-39807
- Downstream
- Related
- Published
- 2025-09-16T13:00:10.408Z
- Modified
- 2026-03-11T07:46:16.036141965Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- drm/mediatek: Add error handling for old state CRTC in atomic_disable
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
drm/mediatek: Add error handling for old state CRTC in atomic_disable
Introduce error handling to address an issue where, after a hotplug event, the cursor continues to update. This situation can lead to a kernel panic due to accessing the NULL
old_state->crtc.E,g. Unable to handle kernel NULL pointer dereference at virtual address Call trace: mtkcrtcplanedisable+0x24/0x140 mtkplaneatomicupdate+0x8c/0xa8 drmatomichelpercommitplanes+0x114/0x2c8 drmatomichelpercommittailrpm+0x4c/0x158 committail+0xa0/0x168 drmatomichelpercommit+0x110/0x120 drmatomiccommit+0x8c/0xe0 drmatomichelperupdate_plane+0xd4/0x128 __setplaneatomic+0xcc/0x110 drmmodecursorcommon+0x250/0x440 drmmodecursorioctl+0x44/0x70 drmioctl+0x264/0x5d8 _arm64sysioctl+0xd8/0x510 invokesyscall+0x6c/0xe0 doel0svc+0x68/0xe8 el0svc+0x34/0x60 el0t64synchandler+0x1c/0xf8 el0t64sync+0x180/0x188
Adding NULL pointer checks to ensure stability by preventing operations on an invalid CRTC state.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39807.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/0c6b24d70da21201ed009a2aca740d2dfddc7ab5
- https://git.kernel.org/stable/c/7d5cc22efa44e0fe321ce195c71c3d7da211fbb2
- https://git.kernel.org/stable/c/9a94e9d8b50bcfe89693bc899a54d3866d86e973
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39807.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-39807
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced40b5b4ba8ed87c0bfb6268c10589777652ebde4cFixed7d5cc22efa44e0fe321ce195c71c3d7da211fbb2
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd208261e9f7c66960587b10473081dc1cecbe50bFixed9a94e9d8b50bcfe89693bc899a54d3866d86e973Fixed0c6b24d70da21201ed009a2aca740d2dfddc7ab5
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affecteda9c482689051ca96f4a4630fe49fd6919694caaa