CVE-2025-68196

A use-after-free vulnerability exists in the Linux kernel's AMD GPU display driver (drm/amd/display). The issue arises during Link Training (LT) automation, where the driver caches a pointer to current_state and later calls dc_update_planes_and_stream. This call, which may free and reallocate current_state`, leaving the cached pointer dangling. [1]

To exploit this vulnerability, an attacker must have the ability to trigger LT automation operations on a system with an AMD GPU—typically requiring local access or the ability to influence display configuration. No special privileges are needed beyond normal user access to DRM interfaces. [1]

The impact is a kernel crash (denial of service) due to use of a freed pointer. In the worst case, this could potentially be leveraged for privilege escalation or arbitrary code execution, though that remains speculative based on the available information. [1]

The fix, committed to the Linux kernel stable tree, caches the relevant stream pointers before calling dc_update_planes_and_stream call, avoiding the race condition. System administrators should be applied to any affected kernel versions. [1]