Impact
A malformed VBIOS image lacking the terminating record_type sentinel causes the Linux kernel’s AMD display DRM subsystem to iterate record‑chain loops without bound. The unbounded traversal may result in hundreds of thousands of iterations, and the final passes near the image boundary perform struct casts that read beyond the verified 2‑byte header. This out‑of‑bounds read can expose kernel memory contents, and the excessive looping can bring down the kernel, resulting in a denial of service or potential information disclosure.
Affected Systems
All Linux kernel releases that contain the drm/amd/display code before the patch introduced in commit 95700a3d660287ed657d6892f7be9ffc0e294a93 are affected. Any distribution shipping a kernel prior to this commit is therefore vulnerable, regardless of distribution or hardware vendor, as the flaw resides in the upstream kernel tree.
Risk and Exploitability
Based on the description, it is inferred that exploitation requires a custom or tampered VBIOS image supplied to an AMD GPU during device initialization. The scenario is limited to contexts where an attacker can influence the GPU firmware—such as during manufacturing, firmware updates, or by inserting a malicious BIOS image. The EPSS score is below 1 %, there is no public exploit, and the vulnerability is not listed in CISA KEV, indicating a very low probability of real‑world exploitation. Nonetheless, the impact—a kernel crash or information leak—becomes high in environments where untrusted BIOS images can be loaded.
OpenCVE Enrichment