CVE-2025-38361 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Check dce_hwseq before dereferencing it

[WHAT]

hws was checked for null earlier in dce110_blank_stream, indicating hws
can be null, and should be checked whenever it is used.

(cherry picked from commit 79db43611ff61280b6de58ce1305e0b2ecf675ad)

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00019.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c`	affected	< 5e1482ae14b03b9fca73ef5afea26ede683f4450
`4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c`	affected	< 60e450eec5d63113c6ad5c456ce64c12b4496a6e
`4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c`	affected	< e881b82f5d3d8d54d168cd276169f0fee01bf0e7
`4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c`	affected	< df11bf0ef795b6d415c4d8ee54fa3f2105e75bcb
`4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c`	affected	< b669507b637eb6b1aaecf347f193efccc65d756e

Linux

affected

Version	Status	Constraints
`4.15`	affected	—
`0`	unaffected	< 4.15
`6.1.162`	unaffected	≤ 6.1.*
`6.6.122`	unaffected	≤ 6.6.*
`6.12.36`	unaffected	≤ 6.12.*
`6.15.5`	unaffected	≤ 6.15.*
`6.16`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc2::::::

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Project Subscriptions

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Advisories

Source	ID	Title
Debian DLA	DLA-4476-1	linux-6.1 security update
Debian DSA	DSA-6127-1	linux security update
EUVD	EUVD-2025-22642	In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check dce_hwseq before dereferencing it [WHAT] hws was checked for null earlier in dce110_blank_stream, indicating hws can be null, and should be checked whenever it is used. (cherry picked from commit 79db43611ff61280b6de58ce1305e0b2ecf675ad)
Ubuntu USN	USN-7833-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7834-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-7833-2	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-7833-3	Linux kernel (AWS) vulnerabilities
Ubuntu USN	USN-7833-4	Linux kernel (GCP) vulnerabilities
Ubuntu USN	USN-7856-1	Linux kernel (HWE) vulnerabilities
Ubuntu USN	USN-8028-1	Linux kernel vulnerabilities
Ubuntu USN	USN-8028-2	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-8031-1	Linux kernel (GCP) vulnerabilities
Ubuntu USN	USN-8028-3	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-8028-4	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-8028-5	Linux kernel vulnerabilities
Ubuntu USN	USN-8031-2	Linux kernel (GCP FIPS) vulnerabilities
Ubuntu USN	USN-8028-6	Linux kernel (HWE) vulnerabilities
Ubuntu USN	USN-8031-3	Linux kernel vulnerabilities
Ubuntu USN	USN-8052-1	Linux kernel (Low Latency) vulnerabilities
Ubuntu USN	USN-8028-7	Linux kernel (Low Latency NVIDIA) vulnerabilities
Ubuntu USN	USN-8028-8	Linux kernel (IBM) vulnerabilities
Ubuntu USN	USN-8052-2	Linux kernel (Xilinx) vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/5e1482ae14b03b9fca73ef5afea26ede683f4450
https://git.kernel.org/stable/c/60e450eec5d63113c6ad5c456ce64c12b4496a6e
https://git.kernel.org/stable/c/b669507b637eb6b1aaecf347f193efccc65d756e
https://git.kernel.org/stable/c/df11bf0ef795b6d415c4d8ee54fa3f2105e75bcb
https://git.kernel.org/stable/c/e881b82f5d3d8d54d168cd276169f0fee01bf0e7
https://lore.kernel.org/linux-cve-announce/2025072557-CVE-2025-38361-3f11@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-38361
https://www.cve.org/CVERecord?id=CVE-2025-38361

History

Fri, 06 Feb 2026 16:45:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/5e1482ae14b03b9fca73ef5afea26ede683f4450

Fri, 30 Jan 2026 10:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/60e450eec5d63113c6ad5c456ce64c12b4496a6e

Tue, 18 Nov 2025 20:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.16:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.16:rc2::::::
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Tue, 29 Jul 2025 12:30:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025072557-CVE-2025-38361-3f11@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-38361 https://www.cve.org/CVERecord?id=CVE-2025-38361
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Mon, 28 Jul 2025 13:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Vendors & Products		Linux Linux linux Kernel

Fri, 25 Jul 2025 13:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check dce_hwseq before dereferencing it [WHAT] hws was checked for null earlier in dce110_blank_stream, indicating hws can be null, and should be checked whenever it is used. (cherry picked from commit 79db43611ff61280b6de58ce1305e0b2ecf675ad)
Title		drm/amd/display: Check dce_hwseq before dereferencing it
References		https://git.kernel.org/stable/c/b669507b637eb6b1aaecf347f193efccc65d756e https://git.kernel.org/stable/c/df11bf0ef795b6d415c4d8ee54fa3f2105e75bcb https://git.kernel.org/stable/c/e881b82f5d3d8d54d168cd276169f0fee01bf0e7

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-07-25T12:47:32.234Z

Updated: 2026-02-06T16:31:17.796Z

Reserved: 2025-04-16T04:51:24.008Z

Link: CVE-2025-38361

Vulnrichment

No data.

NVD

Status : Modified

Published: 2025-07-25T13:15:24.903

Modified: 2026-02-06T17:16:16.313

Link: CVE-2025-38361

Redhat

Severity : Moderate

Publid Date: 2025-07-25T00:00:00Z

Links: CVE-2025-38361 - Bugzilla

OpenCVE Enrichment

Updated: 2025-07-28T12:45:57Z

Weaknesses

NVD-CWE-noinfo

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object