CVE-2025-38596
BaseFortify
Publication date: 2025-08-19
Last updated on: 2025-11-26
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.16 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Use-After-Free (UAF) issue in the Linux kernel's drm/panthor driver, specifically in the panthor_gem_create_with_handle() debugfs code. The problem occurs because the object may be freed (gone) after drm_gem_object_put() is called, but the debugfs tracking uses a separate lock, list, and flag to indicate whether the object is fully initialized. This can lead to accessing an object that has already been freed. The fix involves simplifying the code to only add the object to debugfs when it is fully ready, removing the separate flag and ensuring safer handling of the object's lifecycle.
How can this vulnerability impact me? :
This Use-After-Free vulnerability can lead to undefined behavior such as system crashes, memory corruption, or potentially allow an attacker to execute arbitrary code with kernel privileges. This can compromise system stability and security, possibly leading to denial of service or privilege escalation on affected Linux systems using the drm/panthor driver.