CVE-2025-37965: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability identified as CVE-2025-37965 was discovered in the Linux kernel's AMD display driver component, specifically affecting the DML (Display Mode Library) helper functionality. The vulnerability was disclosed on May 20, 2025, and involves an invalid context error in the display driver's memory allocation process (NVD, Wiz).

The vulnerability stems from the populate_dml_plane_cfg_from_plane_state() function inappropriately using the GFP_KERNEL flag for memory allocation in atomic contexts. This issue specifically manifests after the implementation of FPU protection in dml2_validate()/dml21_validate() functions, where the allocation is needed only for using the get_scaler_data_for_plane() helper function. The vulnerability has been assigned a CVSS 3.1 score of 7.0 with vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (RedHat).

The vulnerability could potentially lead to system instability and crashes when utilizing the AMD display driver functionality, particularly in scenarios involving plane state configuration and scaler data handling (Wiz).

The vulnerability has been addressed by modifying the helpers to pass a pointer to scaler_data within the existing context, thereby eliminating the need for dynamic memory allocation and deallocation. This fix was implemented through a cherry-picked commit (bd3e84bc98f81b44f2c43936bdadc3241d654259) (NVD).