-

CVE-2025-68735

In the Linux kernel, the following vulnerability has been resolved:

drm/panthor: Prevent potential UAF in group creation

This commit prevents the possibility of a use after free issue in the
GROUP_CREATE ioctl function, which arose as pointer to the group is
accessed in that ioctl function after storing it in the Xarray.
A malicious userspace can second guess the handle of a group and try
to call GROUP_DESTROY ioctl from another thread around the same time
as GROUP_CREATE ioctl.

To prevent the use after free exploit, this commit uses a mark on an
entry of group pool Xarray which is added just before returning from
the GROUP_CREATE ioctl function. The mark is checked for all ioctls
that specify the group handle and so userspace won't be abe to delete
a group that isn't marked yet.

v2: Add R-bs and fixes tags
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < deb8b2491f6b9882ae02d7dc2651c7bf4f3b7e05
Version de85488138247d034eb3241840424a54d660926b
Status affected
Version < c646ebff3fa571e7ea974235286fb9ed3edc260c
Version de85488138247d034eb3241840424a54d660926b
Status affected
Version < eec7e23d848d2194dd8791fcd0f4a54d4378eecd
Version de85488138247d034eb3241840424a54d660926b
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 6.10
Status affected
Version < 6.10
Version 0
Status unaffected
Version <= 6.17.*
Version 6.17.13
Status unaffected
Version <= 6.18.*
Version 6.18.2
Status unaffected
Version <= *
Version 6.19-rc1
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.058
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.