CVE-2025-40354

Name: CVE-2025-40354
Creator: NVD / NIST
Published: 2025-12-16T14:15:47.31+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.17%

Last modified Jun 17, 2026

CVE-2025-40354 is a vulnerability of currently unknown severity. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: increase max link count and fix link->enc NULL pointer access [why] 1.) dc->links[MAX_LINKS] array size smaller than actual requested. max_connector + max_dpia + 4 virtual = 14. increase from 12 to 14. 2.) hw_init() access null LINK_ENC for dpia non display_endpoint. (cherry picked from commit d7f5a61e1b04ed87b008c8d327649d184dc5bb45). EPSS estimates a 0.17% chance of exploitation in the next 30 days.

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: increase max link count and fix link->enc NULL pointer access [why] 1.) dc->links[MAX_LINKS] array size smaller than actual requested. max_connector + max_dpia + 4 virtual = 14. increase from 12 to 14. 2.) hw_init() access null LINK_ENC for dpia non display_endpoint. (cherry picked from commit d7f5a61e1b04ed87b008c8d327649d184dc5bb45)

Metrics

EPSS Probability

0.17%

6.2th percentile

Probability of exploitation in the next 30 days. Learn more

References

Timeline

Published: Dec 16, 2025
Last Modified: Jun 17, 2026
Status: Deferred

Frequently Asked Questions

What is CVE-2025-40354?

How severe is CVE-2025-40354?

Severity scoring for CVE-2025-40354 is pending analysis. The EPSS model estimates a 0.17% probability of exploitation in the next 30 days.

How do I fix CVE-2025-40354?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-40354?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST