5.5

CVE-2025-38409

drm/msm: Fix another leak in the submit error path

In the Linux kernel, the following vulnerability has been resolved:

drm/msm: Fix another leak in the submit error path

put_unused_fd() doesn't free the installed file, if we've already done
fd_install().  So we need to also free the sync_file.

Patchwork: https://patchwork.freedesktop.org/patch/653583/
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.12 < 6.1.144
LinuxLinux Kernel Version >= 6.2 < 6.6.97
LinuxLinux Kernel Version >= 6.7 < 6.12.37
LinuxLinux Kernel Version >= 6.13 < 6.15.6
LinuxLinux Kernel Version6.16 Updaterc1
LinuxLinux Kernel Version6.16 Updaterc2
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.051
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/00b3401f692082ddf6342500d1be25560bba46d4
Patch
https://git.kernel.org/stable/c/30d3819b0b9173e31b84d662a592af8bad351427
Patch
https://git.kernel.org/stable/c/3f6ce8433a9035b0aa810e1f5b708e9dc1c367b0
Patch
https://git.kernel.org/stable/c/c40ad1c04d306f7fde26337fdcf8a5979657d93f
Patch
https://git.kernel.org/stable/c/f681c2aa8676a890eacc84044717ab0fd26e058f
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory