CVE-2025-68170
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-16

Last updated on: 2025-12-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Do not kfree() devres managed rdev Since the allocation of the drivers main structure was changed to devm_drm_dev_alloc() rdev is managed by devres and we shouldn't be calling kfree() on it. This fixes things exploding if the driver probe fails and devres cleans up the rdev after we already free'd it. (cherry picked from commit 16c0681617b8a045773d4d87b6140002fa75b03b)
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-16
Last Modified
2025-12-18
Generated
2026-05-07
AI Q&A
2025-12-16
EPSS Evaluated
2026-05-05
NVD
CVE-2025-68170
EUVD
EUVD-2025-203726
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves the Linux kernel's Radeon DRM driver where the driver's main structure (rdev) was incorrectly freed using kfree() despite being managed by devres after changing the allocation to devm_drm_dev_alloc(). This improper freeing could cause system instability or crashes if the driver probe fails and devres attempts to clean up the rdev after it has already been freed.


How can this vulnerability impact me? :

If this vulnerability is triggered, it can cause system instability or crashes due to double freeing of the driver's main structure. This can lead to unexpected behavior or failure of the Radeon DRM driver, potentially affecting graphics functionality on affected Linux systems.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart