CVE-2025-38596

Source
https://cve.org/CVERecord?id=CVE-2025-38596
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38596.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-38596
Downstream
Published
2025-08-19T17:03:26.445Z
Modified
2026-04-02T12:48:03.017047Z
Summary
drm/panthor: Fix UAF in panthor_gem_create_with_handle() debugfs code
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/panthor: Fix UAF in panthor_gem_create_with_handle() debugfs code

The object is potentially already gone after the drm_gem_object_put(). In general the object should be fully constructed before calling drm_gem_handle_create(), except the debugfs tracking uses a separate lock and list and separate flag to denotate whether the object is actually initialized.

Since I'm touching this all anyway simplify this by only adding the object to the debugfs when it's ready for that, which allows us to delete that separate flag. panthor_gem_debugfs_bo_rm() already checks whether we've actually been added to the list or this is some error path cleanup.

v2: Fix build issues for !CONFIG_DEBUGFS (Adrián)

v3: Add linebreak and remove outdated comment (Liviu)

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38596.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a3707f53eb3f4f3e7a30d720be0885f813d649bb
Fixed
5f2be12442db6a2904e6e31b0e3b5ad5aebf868b
Fixed
fe69a391808404977b1f002a6e7447de3de7a88e

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38596.json"