U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2025-21996 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() On the off chance that command stream passed from userspace via ioctl() call to radeon_vce_cs_parse() is weirdly crafted and first command to execute is to encode (case 0x03000001), the function in question will attempt to call radeon_vce_cs_reloc() with size argument that has not been properly initialized. Specifically, 'size' will point to 'tmp' variable before the latter had a chance to be assigned any value. Play it safe and init 'tmp' with 0, thus ensuring that radeon_vce_cs_reloc() will catch an early error in cases like these. Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. (cherry picked from commit 2d52de55f9ee7aaee0e09ac443f77855989c6b68)


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/0effb378ebce52b897f85cd7f828854b8c7cb636 kernel.org Patch 
https://git.kernel.org/stable/c/3ce08215cad55c10a6eeeb33d3583b6cfffe3ab8 kernel.org Patch 
https://git.kernel.org/stable/c/5b4d9d20fd455a97920cf158dd19163b879cf65d kernel.org Patch 
https://git.kernel.org/stable/c/78b07dada3f02f77762d0755a96d35f53b02be69 kernel.org Patch 
https://git.kernel.org/stable/c/9b2da9c673a0da1359a2151f7ce773e2f77d71a9 kernel.org Patch 
https://git.kernel.org/stable/c/dd1801aa01bba1760357f2a641346ae149686713 kernel.org Patch 
https://git.kernel.org/stable/c/dd8689b52a24807c2d5ce0a17cb26dc87f75235c kernel.org Patch 
https://git.kernel.org/stable/c/f5e049028124f755283f2c07e7a3708361ed1dc8 kernel.org Patch 
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html CVE
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html CVE

Weakness Enumeration

CWE-ID CWE Name Source
CWE-908 Use of Uninitialized Resource cwe source acceptance level NIST   CISA-ADP  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

5 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2025-21996
NVD Published Date:
04/03/2025
NVD Last Modified:
11/03/2025
Source:
kernel.org