CVE-2025-21819: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-21819 affects the Linux kernel's AMD display driver, specifically related to the hardware lock manager for PSR1 (Panel Self Refresh) functionality. The vulnerability was discovered on February 4, 2025, and was publicly disclosed on February 27, 2025. The issue affects various Linux distributions including Ubuntu and Debian systems running AMD graphics with PSR1 capability (Debian Tracker, Ubuntu Security).

The vulnerability stems from a problematic implementation in the AMD display driver's hardware lock manager for PSR1. The issue is specifically located in the drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c file, where the hardware lock manager incorrectly handles PSR1 version checking. The problematic code was introduced in commit a2b5a9956269 and was later reverted due to the discovered issues (Kernel Commit).

The vulnerability can cause system hangs when connecting two eDP (embedded DisplayPort) panels. This affects system stability and availability, particularly in multi-display configurations using AMD graphics hardware with PSR1 functionality (Kernel Commit).

The issue has been fixed by reverting the problematic commit that implemented hardware lock manager for PSR1. The fix is included in various Linux kernel versions, with Debian and Ubuntu distributions providing updated packages. For Debian, the fix is available in versions 5.10.223-1 for bullseye, 6.1.129-1 for bookworm, and 6.12.17-1 for trixie (Debian Tracker).