CVE-2025-38205: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability was identified in the Linux kernel's AMD display driver (CVE-2025-38205), discovered and disclosed on July 4, 2025. The issue affects the drm/amd/display component, specifically in the populate_dummy_dml_surface_cfg() function where uninitialized dummy values could lead to a divide by zero condition (NVD, CVE MITRE).

The vulnerability exists in the Linux kernel's AMD display driver where the dummy values in populate_dummy_dml_surface_cfg() function are not properly initialized. This can result in a divide by zero condition when downstream callers like CalculateVMAndRowBytes() attempt to use these values. The fix involves initializing the dummy pitch value to 1 to prevent the divide by zero scenario (NVD).

The vulnerability affects multiple Linux distributions including Ubuntu's various releases (22.04 LTS, 24.04 LTS, and 25.04) and Debian's trixie and sid releases. The issue is particularly concerning for systems running AMD display drivers (Ubuntu Security, Debian Security).

The vulnerability has been patched in various Linux distributions. Debian has fixed the issue in bullseye (5.10.237-1) and bookworm (6.1.140-1) releases. The fix involves initializing the dummy pitch value to 1 in the populate_dummy_dml_surface_cfg() function to prevent the divide by zero condition (Debian Security).