CVE-2025-38426

low-risk

Published 2025-07-25

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Add basic validation for RAS header If RAS header read from EEPROM is corrupted, it could result in trying to allocate huge memory for reading the records. Add some validation to header fields.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (4)

https://git.kernel.org/stable/c/0479268fdfaaff6e15d69e8a8387410f36d1b793

Patch https://git.kernel.org/stable/c/5df0d6addb7e9b6f71f7162d1253762a5be9138e

Patch https://git.kernel.org/stable/c/b52f52bc5ba9feb026c0be600f8ac584fd12d187

https://git.kernel.org/stable/c/e1903358b2152f5d64a83e796bb776aba0d3628d

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal