UBUNTU-CVE-2025-21996

Details

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() On the off chance that command stream passed from userspace via ioctl() call to radeon_vce_cs_parse() is weirdly crafted and first command to execute is to encode (case 0x03000001), the function in question will attempt to call radeon_vce_cs_reloc() with size argument that has not been properly initialized. Specifically, 'size' will point to 'tmp' variable before the latter had a chance to be assigned any value. Play it safe and init 'tmp' with 0, thus ensuring that radeon_vce_cs_reloc() will catch an early error in cases like these. Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. (cherry picked from commit 2d52de55f9ee7aaee0e09ac443f77855989c6b68)

Affected Packages(219 packages)

linux

Ubuntu Pro 18.04 LTSUbuntu 18.04 LTS

Affected versions:

4.13.0-16.194.13.0-17.204.13.0-25.294.13.0-32.354.15.0-10.114.15.0-101.1024.15.0-106.1074.15.0-108.1094.15.0-109.1104.15.0-111.112+130 more

linux

Ubuntu 16.04 LTSUbuntu Pro 16.04 LTS

Affected versions:

4.2.0-16.194.2.0-17.214.2.0-19.234.3.0-1.104.3.0-2.114.3.0-5.164.3.0-6.174.3.0-7.184.4.0-10.254.4.0-101.124+167 more

linux

Ubuntu Pro 20.04 LTS

Affected versions:

5.3.0-18.195.3.0-24.265.4.0-100.1135.4.0-104.1185.4.0-105.1195.4.0-107.1215.4.0-109.1235.4.0-110.1245.4.0-113.1275.4.0-117.132+108 more

Fixed in:

5.4.0-218.238

linux

Ubuntu 14.04 LTS

Fixed in:

3.11.0-12.19

linux

Ubuntu 25.04

Affected versions:

6.11.0-8.86.12.0-12.126.12.0-15.156.12.0-16.166.14.0-10.106.14.0-11.116.14.0-7.7

Fixed in:

6.14.0-13.13

linux

Ubuntu 22.04 LTS

Affected versions:

5.13.0-19.195.15.0-100.1105.15.0-101.1115.15.0-102.1125.15.0-105.1155.15.0-106.1165.15.0-107.1175.15.0-112.1225.15.0-113.1235.15.0-116.126+65 more

Fixed in:

5.15.0-142.152

linux

Ubuntu 24.04 LTS

Affected versions:

6.5.0-9.96.6.0-14.146.8.0-11.116.8.0-20.206.8.0-22.226.8.0-28.286.8.0-31.316.8.0-35.356.8.0-36.366.8.0-38.38+21 more

linux-allwinner-5.19

Ubuntu 22.04 LTS

Affected versions:

5.19.0-1007.7~22.04.15.19.0-1009.9~22.04.15.19.0-1010.10~22.04.15.19.0-1011.11~22.04.15.19.0-1012.12~22.04.15.19.0-1013.13~22.04.15.19.0-1014.14~22.04.15.19.0-1015.15~22.04.1

linux-aws

Ubuntu Pro 16.04 LTS

Affected versions:

4.4.0-1001.104.4.0-1003.124.4.0-1004.134.4.0-1007.164.4.0-1009.184.4.0-1011.204.4.0-1012.214.4.0-1013.224.4.0-1016.254.4.0-1017.26+123 more

linux-aws

Ubuntu 22.04 LTS

Affected versions:

5.13.0-1005.65.15.0-1002.45.15.0-1003.55.15.0-1004.65.15.0-1005.75.15.0-1008.105.15.0-1009.115.15.0-1011.145.15.0-1013.175.15.0-1014.18+57 more

Fixed in:

5.15.0-1086.93

References(29)

UBUNTU-CVE-2025-21996

Details

Affected Packages(219 packages)

References(29)

CVSS Analysis

Upstream

Related

Ecosystems(30)

Timeline