CVE-2025-21996
Published: Apr 3, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() On the off chance that command stream passed from userspace via ioctl() call to radeon_vce_cs_parse() is weirdly crafted and first command to execute is to encode (case 0x03000001), the function in question will attempt to call radeon_vce_cs_reloc() with size argument that has not been properly initialized. Specifically, 'size' will point to 'tmp' variable before the latter had a chance to be assigned any value. Play it safe and init 'tmp' with 0, thus ensuring that radeon_vce_cs_reloc() will catch an early error in cases like these. Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. (cherry picked from commit 2d52de55f9ee7aaee0e09ac443f77855989c6b68)
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 2fc5703abda201f138faf63bdca743d04dbf4b1a - < 0effb378ebce52b897f85cd7f828854b8c7cb636affected 2fc5703abda201f138faf63bdca743d04dbf4b1a - < 5b4d9d20fd455a97920cf158dd19163b879cf65daffected 2fc5703abda201f138faf63bdca743d04dbf4b1a - < 9b2da9c673a0da1359a2151f7ce773e2f77d71a9affected 2fc5703abda201f138faf63bdca743d04dbf4b1a - < 78b07dada3f02f77762d0755a96d35f53b02be69affected 2fc5703abda201f138faf63bdca743d04dbf4b1a - < 3ce08215cad55c10a6eeeb33d3583b6cfffe3ab8+3 more versions |
Linux | Linux | affected 3.15unaffected 0 - < 3.15unaffected 5.4.292 - <= 5.4.*unaffected 5.10.236 - <= 5.10.*unaffected 5.15.180 - <= 5.15.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now