Linux Kernel, Use-After-Free Vulnerability, CVE-2025-38360 (High)


The CVE-2025-38360 vulnerability exists within the AMD display driver (drm/amd/display) in the Linux kernel. On specific sequential ASICs, the driver fails to properly enforce power domain sequencing between the HUBP (Hub Present) and DSC (Display Stream Compression) blocks. When initializing a non-zero DSC instance, the driver logic does not guarantee that the required HUBP domain is powered on before the DSC is enabled. If the HUBP domain is in a low-power state, attempting to access it via the DSC instance can cause the display tile logic to enter an undefined state. This results in a full system hang, requiring a hard reboot, as the kernel becomes completely unresponsive due to the hardware entering an invalid condition.
Platform: Linux Kernel
Version: AMD GPU Driver
Vulnerability: Use-After-Free
Severity: High
Date: 07/25/2025

Prediction: Patch expected by 08/08/2025

What Undercode Say:

# -E is needed so that | is treated as alternation rather than a literal character
dmesg | grep -Ei "amdgpu|DSC|HUBP"
# debugfs is normally readable by root only
cat /sys/kernel/debug/dri/0/amdgpu_dm_dbg_info

// Code snippet from the patch
if (dc->res_pool->dsc_count[pipe_ctx->stream_res.dsc->dsc_inst] > 0) {
    // New check for HUBP power domain
    if (!dc->res_pool->hubp_count[pipe_ctx->plane_res.hubp->inst]) {
        return false; // Prevent undefined state
    }
}
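
A simplified model of the ordering rule described above (a non-zero DSC instance must not be enabled while its HUBP power domain is off), as an added example that is not code from the kernel patch or the amdgpu driver. The model_* types, the pipe count, and the per-pipe field naming which HUBP domain a DSC instance depends on are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

#define MODEL_MAX_PIPES 4 /* assumed pipe count for this model */

/* Hypothetical model types; these are not the amdgpu driver's structures. */
struct model_pipe {
    bool uses_dsc;      /* stream on this pipe wants DSC */
    unsigned dsc_inst;  /* DSC instance assigned to the stream */
    unsigned hubp_inst; /* HUBP whose power domain that DSC depends on */
};

struct model_state {
    bool hubp_powered[MODEL_MAX_PIPES]; /* power state per HUBP domain */
    struct model_pipe pipes[MODEL_MAX_PIPES];
    unsigned pipe_count;
};

/* Index of the first pipe that would enable a non-zero DSC instance while
 * its HUBP domain is off (or that names an out-of-range instance), or -1
 * if the whole state is safe to program. */
int model_first_unsafe_pipe(const struct model_state *s)
{
    for (unsigned i = 0; i < s->pipe_count && i < MODEL_MAX_PIPES; i++) {
        const struct model_pipe *p = &s->pipes[i];
        if (!p->uses_dsc)
            continue;
        if (p->dsc_inst >= MODEL_MAX_PIPES || p->hubp_inst >= MODEL_MAX_PIPES)
            return (int)i;
        if (p->dsc_inst != 0 && !s->hubp_powered[p->hubp_inst])
            return (int)i;
    }
    return -1;
}

/* Gate applied before any hardware access: reject the state as a whole. */
bool model_commit_allowed(const struct model_state *s)
{
    return model_first_unsafe_pipe(s) < 0;
}

int main(void)
{
    /* Constructed state: pipe 1 wants DSC 1 while HUBP 1 is powered down. */
    struct model_state s = { .hubp_powered = { true, false }, .pipe_count = 2,
        .pipes = { { true, 0, 0 }, { true, 1, 1 } } };
    printf("commit allowed: %d\n", model_commit_allowed(&s));
    return 0;
}
```

Rejecting the state during validation, before any register is written, is what keeps the failure a refused mode set instead of a hang.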

How Exploit:

Trigger system hang via special display mode. Crafted DC state configuration. Power state race condition.

Protection from this CVE

Apply kernel patches from AMD. Update to linux-firmware 20250725. Disable DSC features if vulnerable.

Impact:

System stability compromise. Full kernel panic and hang. Denial-of-service condition.

Sources:

Reported By: nvd.nist.gov