Impact
The defect lies in the Linux kernel’s AMD display DRM driver, where writing to the "sdp_message" debugfs entry dereferences a null connector state or reads past the user‑supplied buffer. This leads to a kernel panic that can force a system reboot. The bug does not grant code execution or privilege escalation; its primary consequence is the loss of availability for any user whose processes rely on a stable kernel.
Affected Systems
All Linux kernel builds that include the unpatched AMD display driver are vulnerable. No specific version numbers are provided, so every distribution using the kernel prior to the commit that introduced the fix must be considered at risk.
Risk and Exploitability
The attack vector is local: it requires write access to the debugfs node, which is normally restricted to privileged users. EPSS is not available and the flaw is not listed in CISA KEV, but the simplicity of the trigger and the severity of a kernel crash make this a high‑risk denial‑of‑service condition for systems where the attacker can reach the debugfs interface. No public exploits are known, yet the exploit path is trivial for an authenticated local user.
OpenCVE Enrichment
Debian DLA