CVE-2025-38596

HIGH EPSS 4.0%
Published Aug 19, 2025 (10mo ago) · Modified Jun 17, 2026 (2w ago)
7.8 CVSS 3.1
High

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/panthor: Fix UAF in panthor_gem_create_with_handle() debugfs code

The object is potentially already gone after the drm_gem_object_put(). In general the object should be fully constructed before calling drm_gem_handle_create(), except the debugfs tracking uses a separate lock and list and separate flag to denotate whether the object is actually initialized.

Since I'm touching this all anyway simplify this by only adding the object to the debugfs when it's ready for that, which allows us to delete that separate flag. panthor_gem_debugfs_bo_rm() already checks whether we've actually been added to the list or this is some error path cleanup.

v2: Fix build issues for !CONFIG_DEBUGFS (Adrián)
v3: Add linebreak and remove outdated comment (Liviu)

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
4.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 1

Vendor  Product       Version  Range
linux   linux_kernel  6.16     any

References 2

  • git.kernel.org https://git.kernel.org/stable/c/5f2be12442db6a2904e6e31b0e3b5ad5aebf868b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fe69a391808404977b1f002a6e7447de3de7a88e
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/5f2be12442db6a2904e6e31b0e3b5ad5aebf868b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fe69a391808404977b1f002a6e7447de3de7a88e
    Patch