CVE-2025-21780

High

Published: 27 February 2025

Published

27 February 2025

Modified

03 November 2025

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0001 2.3th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-21780 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 2.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly requires validation of pptable sizes provided via sysfs to prevent buffer copy without checking input size in smu_sys_set_pp_table().

SI-2 Flaw Remediation good match

prevent

Mandates timely remediation of the buffer overflow flaw through application of specific Linux kernel patches for the amdgpu driver.

SI-16 Memory Protection partial match

prevent

Implements memory protections to mitigate exploitation of the buffer overflow for arbitrary code execution or denial of service.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Local kernel buffer overflow via sysfs with low privileges enables arbitrary code execution and privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() It malicious user provides a small pptable through sysfs and then a bigger pptable, it may cause buffer overflow attack in function smu_sys_set_pp_table().

Deeper analysisAI

CVE-2025-21780 is a buffer overflow vulnerability in the Linux kernel's drm/amdgpu subsystem, specifically within the smu_sys_set_pp_table() function. The issue arises when a malicious user supplies a small power play table (pptable) through sysfs, followed by a larger pptable, triggering a buffer overflow. It has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-120 (Buffer Copy without Checking Size of Input).

A local attacker with low privileges can exploit this vulnerability by interacting with the sysfs interface to deliver the crafted pptables. Successful exploitation leads to a buffer overflow, potentially allowing arbitrary code execution, data corruption, or system denial of service with high impacts on confidentiality, integrity, and availability.

Mitigation is provided through kernel patches available in stable releases, as documented in the following commit references: https://git.kernel.org/stable/c/1abb2648698bf10783d2236a6b4a7ca5e8021699, https://git.kernel.org/stable/c/231075c5a8ea54f34b7c4794687baa980814e6de, https://git.kernel.org/stable/c/2498d2db1d35e88a2060ea191ae75dce853dd084, https://git.kernel.org/stable/c/3484ea33157bc7334f57e64826ec5a4bf992151a, and https://git.kernel.org/stable/c/e43a8b9c4d700ffec819c5043a48769b3e7d9cab. These commits resolve the buffer overflow by improving handling in smu_sys_set_pp_table(). Security practitioners should update affected Linux kernels with these fixes.

Details

CWE(s): CWE-120

Affected Products

linux

linux kernel

6.14 · ≤ 6.1.129 · 6.2 — 6.6.79 · 6.7 — 6.12.16

CVEs Like This One

CVE-2026-31622Same product: Linux Linux Kernel

CVE-2022-49754Same product: Linux Linux Kernel

CVE-2026-31743Same product: Linux Linux Kernel

CVE-2026-23099Same product: Linux Linux Kernel

CVE-2024-58055Same product: Linux Linux Kernel

CVE-2025-21735Same product: Linux Linux Kernel

CVE-2026-23221Same product: Linux Linux Kernel

CVE-2025-21763Same product: Linux Linux Kernel

CVE-2025-21631Same product: Linux Linux Kernel

CVE-2026-31453Same product: Linux Linux Kernel

References

https://git.kernel.org/stable/c/1abb2648698bf10783d2236a6b4a7ca5e8021699
Mailing List, Patch · 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/231075c5a8ea54f34b7c4794687baa980814e6de
Mailing List, Patch · 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/2498d2db1d35e88a2060ea191ae75dce853dd084
Mailing List, Patch · 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/3484ea33157bc7334f57e64826ec5a4bf992151a
Mailing List, Patch · 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/e43a8b9c4d700ffec819c5043a48769b3e7d9cab
Mailing List, Patch · 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
af854a3a-2127-422b-91ae-364da2661108