CVE-2025-68748
Unknown Unknown - Not Provided
Use-After-Free Race in Linux drm/panthor Causes Memory Access

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF race between device unplug and FW event processing The function panthor_fw_unplug() will free the FW memory sections. The problem is that there could still be pending FW events which are yet not handled at this point. process_fw_events_work() can in this case try to access said freed memory. Simply call disable_work_sync() to both drain and prevent future invocation of process_fw_events_work().
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-16
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68748
EUVD
EUVD-2025-205214
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux kernel *
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a use-after-free (UAF) race condition in the Linux kernel's drm/panthor driver. Specifically, the function panthor_fw_unplug() frees firmware memory sections while there may still be pending firmware events that have not been processed. The process_fw_events_work() function can then attempt to access this freed memory, leading to a use-after-free condition. The fix involves calling disable_work_sync() to drain and prevent future invocations of process_fw_events_work(), avoiding access to freed memory.

Impact Analysis

This vulnerability can lead to use-after-free memory access, which may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code or escalate privileges by exploiting the race condition between device unplug and firmware event processing.

Mitigation Strategies

Update the Linux kernel to a version where the drm/panthor vulnerability is fixed. The fix involves calling disable_work_sync() in the panthor_fw_unplug() function to prevent use-after-free race conditions by draining and preventing future invocation of process_fw_events_work(). Applying the official patch or upgrading to the fixed kernel version will mitigate the issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68748. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart