CVE-2025-71307
Awaiting Analysis - Queue
NULL Pointer Dereference in Linux Kernel drm/panthor Driver

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

drm/panthor: Fix NULL pointer dereference on panthor_fw_unplug

This patch removes the MCU halt and wait for halt procedures during panthor_fw_unplug() as the MCU can be in a variety of states or the FW may not even be loaded/initialized at all, the latter of which can lead to a NULL pointer dereference.

It should be safe on unplug to just disable the MCU without waiting for it to halt as it may not be able to.

Meta Information
Published: 2026-05-27
Last Modified: 2026-05-27
Generated: 2026-06-16
AI Q&A: 2026-05-27
EPSS Evaluated: 2026-06-15

Affected Vendors & Products
Vendor: linux
Product: linux_kernel
Version / Range: *

CWE ID: CWE-UNKNOWN

Executive Summary

This vulnerability is in the drm/panthor component of the Linux kernel. It is a NULL pointer dereference in the panthor_fw_unplug() function. The issue arises because the MCU (Microcontroller Unit) can be in various states or the firmware may not be loaded or initialized, leading to a NULL pointer dereference when the code waits for the MCU to halt. The fix removes the halt and wait procedures and instead disables the MCU without waiting for it to halt.

Impact Analysis

A NULL pointer dereference in the kernel can cause a system crash or kernel panic, leading to denial of service. This means that affected systems could become unstable or unresponsive when the panthor_fw_unplug() function is triggered, potentially disrupting normal operations.

Mitigation Strategies

The vulnerability has been resolved by a patch in the Linux kernel that fixes a NULL pointer dereference in the drm/panthor driver during the panthor_fw_unplug procedure.

To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.
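
A triage check to go with the update advice above, as an added example that is not part of the original advisory: it reports whether a host has the panthor driver loaded, built into the kernel, or only available as a module. The module name `panthor` and the Kconfig symbol `CONFIG_DRM_PANTHOR` are taken from the upstream kernel tree rather than from this page, and the result says nothing about whether the running kernel already carries the fix.

```shell
# Added example (not from the advisory): classify a host's exposure to the
# drm/panthor driver. Both paths are parameters so the check can also be run
# against artifacts collected from another machine.
#   panthor_exposure [modules_file] [kernel_config_file]
# Prints one of: loaded, built-in, module-not-loaded, not-built, unknown
panthor_exposure() {
    modules_file=${1:-/proc/modules}
    config_file=${2:-/boot/config-$(uname -r)}

    # A loaded module shows up as the first field of a /proc/modules line.
    # Matching the whole field avoids hits on lines that merely list panthor
    # as a user of another module.
    if [ -r "$modules_file" ] &&
        awk '$1 == "panthor" { found = 1 } END { exit !found }' "$modules_file"
    then
        echo loaded
        return 0
    fi

    # A built-in driver never appears in /proc/modules, so fall back to the
    # kernel build configuration (assumed to be an uncompressed text file).
    if [ -r "$config_file" ]; then
        case $(grep -E '^CONFIG_DRM_PANTHOR=' "$config_file" | head -n 1) in
            CONFIG_DRM_PANTHOR=y) echo built-in ;;
            CONFIG_DRM_PANTHOR=m) echo module-not-loaded ;;
            *) echo not-built ;;
        esac
        return 0
    fi

    # Neither source could answer the question.
    echo unknown
    return 0
}
```

Hosts reporting `loaded` or `built-in` are the ones where the unplug path described above can actually run, so they are the first candidates for the kernel update.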
