Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

017 - Ir a la línea de ayuda en Ciberseguridad    Ir a Agenda     Ir a Sala de prensa     Ir a suscripción de boletines

Ir al buscador

CVE-2025-68180

Gravedad:
Pendiente de análisis
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
16/12/2025
Última modificación:
16/12/2025

Descripción

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: Fix NULL deref in debugfs odm_combine_segments<br /> <br /> When a connector is connected but inactive (e.g., disabled by desktop<br /> environments), pipe_ctx-&gt;stream_res.tg will be destroyed. Then, reading<br /> odm_combine_segments causes kernel NULL pointer dereference.<br /> <br /> BUG: kernel NULL pointer dereference, address: 0000000000000000<br /> #PF: supervisor read access in kernel mode<br /> #PF: error_code(0x0000) - not-present page<br /> PGD 0 P4D 0<br /> Oops: Oops: 0000 [#1] SMP NOPTI<br /> CPU: 16 UID: 0 PID: 26474 Comm: cat Not tainted 6.17.0+ #2 PREEMPT(lazy) e6a17af9ee6db7c63e9d90dbe5b28ccab67520c6<br /> Hardware name: LENOVO 21Q4/LNVNB161216, BIOS PXCN25WW 03/27/2025<br /> RIP: 0010:odm_combine_segments_show+0x93/0xf0 [amdgpu]<br /> Code: 41 83 b8 b0 00 00 00 01 75 6e 48 98 ba a1 ff ff ff 48 c1 e0 0c 48 8d 8c 07 d8 02 00 00 48 85 c9 74 2d 48 8b bc 07 f0 08 00 00 8b 07 48 8b 80 08 02 00&gt;<br /> RSP: 0018:ffffd1bf4b953c58 EFLAGS: 00010286<br /> RAX: 0000000000005000 RBX: ffff8e35976b02d0 RCX: ffff8e3aeed052d8<br /> RDX: 00000000ffffffa1 RSI: ffff8e35a3120800 RDI: 0000000000000000<br /> RBP: 0000000000000000 R08: ffff8e3580eb0000 R09: ffff8e35976b02d0<br /> R10: ffffd1bf4b953c78 R11: 0000000000000000 R12: ffffd1bf4b953d08<br /> R13: 0000000000040000 R14: 0000000000000001 R15: 0000000000000001<br /> FS: 00007f44d3f9f740(0000) GS:ffff8e3caa47f000(0000) knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 0000000000000000 CR3: 00000006485c2000 CR4: 0000000000f50ef0<br /> PKRU: 55555554<br /> Call Trace:<br /> <br /> seq_read_iter+0x125/0x490<br /> ? __alloc_frozen_pages_noprof+0x18f/0x350<br /> seq_read+0x12c/0x170<br /> full_proxy_read+0x51/0x80<br /> vfs_read+0xbc/0x390<br /> ? __handle_mm_fault+0xa46/0xef0<br /> ? do_syscall_64+0x71/0x900<br /> ksys_read+0x73/0xf0<br /> do_syscall_64+0x71/0x900<br /> ? count_memcg_events+0xc2/0x190<br /> ? handle_mm_fault+0x1d7/0x2d0<br /> ? do_user_addr_fault+0x21a/0x690<br /> ? exc_page_fault+0x7e/0x1a0<br /> entry_SYSCALL_64_after_hwframe+0x6c/0x74<br /> RIP: 0033:0x7f44d4031687<br /> Code: 48 89 fa 4c 89 df e8 58 b3 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 c3 0f 1f 80 00 00 00 00&gt;<br /> RSP: 002b:00007ffdb4b5f0b0 EFLAGS: 00000202 ORIG_RAX: 0000000000000000<br /> RAX: ffffffffffffffda RBX: 00007f44d3f9f740 RCX: 00007f44d4031687<br /> RDX: 0000000000040000 RSI: 00007f44d3f5e000 RDI: 0000000000000003<br /> RBP: 0000000000040000 R08: 0000000000000000 R09: 0000000000000000<br /> R10: 0000000000000000 R11: 0000000000000202 R12: 00007f44d3f5e000<br /> R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000040000<br /> <br /> Modules linked in: tls tcp_diag inet_diag xt_mark ccm snd_hrtimer snd_seq_dummy snd_seq_midi snd_seq_oss snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device x&gt;<br /> snd_hda_codec_atihdmi snd_hda_codec_realtek_lib lenovo_wmi_helpers think_lmi snd_hda_codec_generic snd_hda_codec_hdmi snd_soc_core kvm snd_compress uvcvideo sn&gt;<br /> platform_profile joydev amd_pmc mousedev mac_hid sch_fq_codel uinput i2c_dev parport_pc ppdev lp parport nvme_fabrics loop nfnetlink ip_tables x_tables dm_cryp&gt;<br /> CR2: 0000000000000000<br /> ---[ end trace 0000000000000000 ]---<br /> RIP: 0010:odm_combine_segments_show+0x93/0xf0 [amdgpu]<br /> Code: 41 83 b8 b0 00 00 00 01 75 6e 48 98 ba a1 ff ff ff 48 c1 e0 0c 48 8d 8c 07 d8 02 00 00 48 85 c9 74 2d 48 8b bc 07 f0 08 00 00 8b 07 48 8b 80 08 02 00&gt;<br /> RSP: 0018:ffffd1bf4b953c58 EFLAGS: 00010286<br /> RAX: 0000000000005000 RBX: ffff8e35976b02d0 RCX: ffff8e3aeed052d8<br /> RDX: 00000000ffffffa1 RSI: ffff8e35a3120800 RDI: 0000000000000000<br /> RBP: 0000000000000000 R08: ffff8e3580eb0000 R09: ffff8e35976b02d0<br /> R10: ffffd1bf4b953c78 R11: 0000000000000000 R12: ffffd1bf4b953d08<br /> R13: 0000000000040000 R14: 0000000000000001 R15: 0000000000000001<br /> FS: 00007f44d3f9f740(0000) GS:ffff8e3caa47f000(0000) knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 0000000000000000 CR3: 00000006485c2000 CR4: 0000000000f50ef0<br /> PKRU: 55555554<br /> <br /> Fix this by checking pipe_ctx-&gt;<br /> ---truncated---

Impacto

Referencias a soluciones, herramientas e información