CVE-2025-38597

ADVISORY - nist

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port

Each window of a vop2 is usable by a specific set of video ports, so while binding the vop2, we look through the list of available windows trying to find one designated as primary-plane and usable by that specific port.

The code later wants to use drm_crtc_init_with_planes with that found primary plane, but nothing has checked so far if a primary plane was actually found.

For whatever reason, the rk3576 vp2 does not have a usable primary window (if vp0 is also in use) which brought the issue to light and ended in a null-pointer dereference further down.

As we expect a primary-plane to exist for a video-port, add a check at the end of the window-iteration and fail probing if none was found.

EPSS Score: 0.00143 (0.040)

Common Weakness Enumeration (CWE)

ADVISORY - nist

NULL Pointer Dereference


Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in