logo_clicknbuy.png

CVE-2025-21996 – Radeon Linux Kernel Uninitialized Variable Use

The following table lists the changes that have been made to the
CVE-2025-21996 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Apr. 03, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved:

    drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()

    On the off chance that command stream passed from userspace via
    ioctl() call to radeon_vce_cs_parse() is weirdly crafted and
    first command to execute is to encode (case 0x03000001), the function
    in question will attempt to call radeon_vce_cs_reloc() with size
    argument that has not been properly initialized. Specifically, ‘size’
    will point to ‘tmp’ variable before the latter had a chance to be
    assigned any value.

    Play it safe and init ‘tmp’ with 0, thus ensuring that
    radeon_vce_cs_reloc() will catch an early error in cases like these.

    Found by Linux Verification Center (linuxtesting.org) with static
    analysis tool SVACE.

    (cherry picked from commit 2d52de55f9ee7aaee0e09ac443f77855989c6b68)
    Added Reference https://git.kernel.org/stable/c/3ce08215cad55c10a6eeeb33d3583b6cfffe3ab8
    Added Reference https://git.kernel.org/stable/c/78b07dada3f02f77762d0755a96d35f53b02be69
    Added Reference https://git.kernel.org/stable/c/dd1801aa01bba1760357f2a641346ae149686713
    Added Reference https://git.kernel.org/stable/c/dd8689b52a24807c2d5ce0a17cb26dc87f75235c
    Added Reference https://git.kernel.org/stable/c/f5e049028124f755283f2c07e7a3708361ed1dc8
Share the Post:

Related Posts