CVE-2025-21996

Summary

CVE-2025-21996 is a vulnerability identified in the Linux kernel's drm/radeon driver. This issue arises when an unusually crafted command stream is passed from userspace to the radeon_vce_cs_parse() function via an ioctl() call. The function in question attempts to call radeon_vce_cs_reloc() with an uninitialized size argument, specifically pointing to the 'tmp' variable before it has been assigned a value. To mitigate this issue, it is recommended to initialize 'tmp' with 0, ensuring that radeon_vce_cs_reloc() catches any potential early errors. This vulnerability was discovered by the Linux Verification Center using their static analysis tool, SVACE.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.