CVE-2025-21968: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-21968 is a vulnerability discovered in the Linux kernel affecting the AMD display driver component. The vulnerability was first published on April 1, 2025, and last modified on April 14, 2025. It affects Linux kernel versions from 6.2 up to (excluding) 6.6.84, as well as specific release candidates (rc1-rc6) of version 6.14 (NVD).

The vulnerability is classified as a Use-After-Free (CWE-416) issue that occurs in the drm/amd/display component when HDCP is destroyed but the property_validate_dwork queue is still running. The vulnerability has received a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements with low attack complexity (NVD).

Based on the CVSS score and vector, the vulnerability can lead to high impacts on confidentiality, integrity, and availability of the affected system when successfully exploited. The local attack vector suggests that an attacker would need local system access to exploit this vulnerability (NVD).

The vulnerability has been fixed by canceling the delayed work when destroying the workqueue. Multiple patches have been released and are available through various kernel.org commits. For Debian systems, version 6.1.133-1 in bookworm and version 6.12.22-1 in sid contain the fix (Debian).