Home

Description

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF in panthor_gem_create_with_handle() debugfs code The object is potentially already gone after the drm_gem_object_put(). In general the object should be fully constructed before calling drm_gem_handle_create(), except the debugfs tracking uses a separate lock and list and separate flag to denotate whether the object is actually initialized. Since I'm touching this all anyway simplify this by only adding the object to the debugfs when it's ready for that, which allows us to delete that separate flag. panthor_gem_debugfs_bo_rm() already checks whether we've actually been added to the list or this is some error path cleanup. v2: Fix build issues for !CONFIG_DEBUGFS (Adrián) v3: Add linebreak and remove outdated comment (Liviu)

PUBLISHED Reserved 2025-04-16 | Published 2025-08-19 | Updated 2025-09-29 | Assigner Linux

Product status

Default status
unaffected

a3707f53eb3f4f3e7a30d720be0885f813d649bb before 5f2be12442db6a2904e6e31b0e3b5ad5aebf868b
affected

a3707f53eb3f4f3e7a30d720be0885f813d649bb before fe69a391808404977b1f002a6e7447de3de7a88e
affected

Default status
affected

6.16
affected

Any version before 6.16
unaffected

6.16.1
unaffected

6.17
unaffected

References

git.kernel.org/...c/5f2be12442db6a2904e6e31b0e3b5ad5aebf868b

git.kernel.org/...c/fe69a391808404977b1f002a6e7447de3de7a88e

cve.org (CVE-2025-38596)

nvd.nist.gov (CVE-2025-38596)

Download JSON