CVE-2025-68748
Use-After-Free Race in Linux drm/panthor Causes Memory Access
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | * |
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a use-after-free (UAF) race condition in the Linux kernel's drm/panthor driver. Specifically, the function panthor_fw_unplug() frees firmware memory sections while there may still be pending firmware events that have not been processed. The process_fw_events_work() function can then attempt to access this freed memory, leading to a use-after-free condition. The fix involves calling disable_work_sync() to drain and prevent future invocations of process_fw_events_work(), avoiding access to freed memory.
How can this vulnerability impact me? :
This vulnerability can lead to use-after-free memory access, which may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code or escalate privileges by exploiting the race condition between device unplug and firmware event processing.
What immediate steps should I take to mitigate this vulnerability?
Update the Linux kernel to a version where the drm/panthor vulnerability is fixed. The fix involves calling disable_work_sync() in the panthor_fw_unplug() function to prevent use-after-free race conditions by draining and preventing future invocation of process_fw_events_work(). Applying the official patch or upgrading to the fixed kernel version will mitigate the issue.