CVE-2025-68735
Use-After-Free Vulnerability in Linux drm/panthor GROUP_CREATE ioctl
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a use-after-free (UAF) issue in the group creation path of the Linux kernel's drm/panthor driver. Specifically, the GROUP_CREATE ioctl accesses a pointer to a group after that pointer has been stored in an XArray. A malicious userspace process can guess the handle of the group and call the GROUP_DESTROY ioctl from another thread while GROUP_CREATE is still running, potentially causing a use-after-free condition. The fix marks the group entry in the XArray just before GROUP_CREATE returns and checks this mark in every ioctl that takes a group handle, so an unmarked group cannot be deleted and the UAF is prevented.
How can this vulnerability impact me?
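The mark-then-check pattern described above, replayed as a single-threaded userspace model in C. This is an added example, not the panthor driver's code; the table, the `registered` flag and every function name are hypothetical stand-ins for the XArray entry, its mark and the ioctl handlers.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Userspace model only; all names here are hypothetical, not panthor's. */
#define MAX_GROUPS 8
struct group { int priority; };
/* One handle slot; `registered` stands in for the XArray mark. */
struct slot { struct group *grp; bool registered; };
static struct slot table[MAX_GROUPS];

/* First step of create: store the group under a handle, still unmarked. */
static int group_publish(int priority) {
    for (int h = 0; h < MAX_GROUPS; h++) {
        if (table[h].grp) continue;
        struct group *g = calloc(1, sizeof(*g));
        if (!g) return -1;
        g->priority = priority;
        table[h] = (struct slot){ .grp = g, .registered = false };
        return h;
    }
    return -1;
}

/* Last step of create, once create no longer dereferences the group. */
static void group_mark_registered(int h) { table[h].registered = true; }
/* Lookup shared by every handle-taking call: unmarked entries are hidden. */
static struct group *group_lookup(int h) {
    if (h < 0 || h >= MAX_GROUPS || !table[h].registered) return NULL;
    return table[h].grp;
}

static int group_destroy(int h) {
    struct group *g = group_lookup(h);
    if (!g) return -1;              /* create not finished: refuse */
    table[h] = (struct slot){ 0 };
    free(g);
    return 0;
}

/* Replays the interleaving in one thread; returns 0 when the check holds. */
static int replay_race(void) {
    int h = group_publish(3);
    if (h < 0) return -1;
    if (group_destroy(h) == 0) return 1;   /* early destroy must be refused */
    int seen = table[h].grp->priority;     /* create still uses the group */
    group_mark_registered(h);
    return (seen == 3 && group_destroy(h) == 0) ? 0 : 2;
}
int main(void) { return replay_race(); }
```

Without the `registered` check in `group_lookup`, the early `group_destroy` call would free the group while the create path still holds and dereferences its pointer.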
This vulnerability could allow a malicious userspace process to exploit a use-after-free condition, potentially leading to undefined behavior such as memory corruption, crashes, or privilege escalation within the Linux kernel. This could compromise system stability or security by allowing attackers to execute arbitrary code or cause denial of service.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the use-after-free issue in the drm/panthor GROUP_CREATE ioctl. The fix prevents malicious userspace from exploiting the vulnerability by marking group entries properly and checking these marks in all relevant ioctls.