CVE-2025-39882

The foreachchildofnode() helper drops the reference it takes to each node as it iterates over children and an explicit ofnodeput() is only needed when exiting the loop early.

Drop the recently introduced bogus additional reference count decrement at each iteration that could potentially lead to a use-after-free.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

7d98166183d627c0b9daca7672b2191fae0f8a03

Fixed

b2fbe0f9f80b9cfa1e06ddcf8b863d918394ef1d

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

31ce7c089b50c3d3056c37e0e25e7535e4428ae1

Fixed

b58a26cdd4795c1ce6a80e38e9348885555dacd6

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

fae58d0155a979a8c414bbc12db09dd4b2f910d0

Fixed

c4901802ed1ce859242e10af06e6a7752cba0497

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

1f403699c40f0806a707a9a6eed3b8904224021a

Fixed

4de37a48b6b58faaded9eb765047cf0d8785ea18

Affected versions

v6.*

v6.12.45

v6.12.46

v6.12.47

v6.16.5

v6.16.6

v6.16.7

v6.6.105

v6.6.106

Database specific

vanir_signatures

[
    {
        "id": "CVE-2025-39882-0a794c38",
        "digest": {
            "function_hash": "231061141823106558251409280323069059438",
            "length": 1217.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4de37a48b6b58faaded9eb765047cf0d8785ea18",
        "target": {
            "function": "mtk_drm_get_all_drm_priv",
            "file": "drivers/gpu/drm/mediatek/mtk_drm_drv.c"
        },
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-39882-3beb4464",
        "digest": {
            "function_hash": "231061141823106558251409280323069059438",
            "length": 1217.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b58a26cdd4795c1ce6a80e38e9348885555dacd6",
        "target": {
            "function": "mtk_drm_get_all_drm_priv",
            "file": "drivers/gpu/drm/mediatek/mtk_drm_drv.c"
        },
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-39882-632c2cd5",
        "digest": {
            "function_hash": "231061141823106558251409280323069059438",
            "length": 1217.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b2fbe0f9f80b9cfa1e06ddcf8b863d918394ef1d",
        "target": {
            "function": "mtk_drm_get_all_drm_priv",
            "file": "drivers/gpu/drm/mediatek/mtk_drm_drv.c"
        },
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-39882-cb32e5e8",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "66268685649061315877470957609523959838",
                "143491362686736396575224279892351281912",
                "266707820995718631375895397272128715911",
                "297279506451627820860322578789858614851",
                "114083565119517966071239821909194114692",
                "202403220234758371055511801700794727260",
                "28322134122537959427314827932566175831",
                "89448682309308111248504902042230592243",
                "260163200853184017994076239747893407202",
                "263618885520206708767453033397262334022",
                "93845301084767222252087577628752557910",
                "38127819276239048614963232844895037030",
                "245150407342694586915923621074471883268",
                "89117255433444891057737418436689376809"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b58a26cdd4795c1ce6a80e38e9348885555dacd6",
        "target": {
            "file": "drivers/gpu/drm/mediatek/mtk_drm_drv.c"
        },
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-39882-e1c63a22",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "66268685649061315877470957609523959838",
                "143491362686736396575224279892351281912",
                "266707820995718631375895397272128715911",
                "297279506451627820860322578789858614851",
                "114083565119517966071239821909194114692",
                "202403220234758371055511801700794727260",
                "28322134122537959427314827932566175831",
                "89448682309308111248504902042230592243",
                "260163200853184017994076239747893407202",
                "263618885520206708767453033397262334022",
                "93845301084767222252087577628752557910",
                "38127819276239048614963232844895037030",
                "245150407342694586915923621074471883268",
                "89117255433444891057737418436689376809"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4de37a48b6b58faaded9eb765047cf0d8785ea18",
        "target": {
            "file": "drivers/gpu/drm/mediatek/mtk_drm_drv.c"
        },
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-39882-f082a0a1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "66268685649061315877470957609523959838",
                "143491362686736396575224279892351281912",
                "266707820995718631375895397272128715911",
                "297279506451627820860322578789858614851",
                "114083565119517966071239821909194114692",
                "202403220234758371055511801700794727260",
                "28322134122537959427314827932566175831",
                "89448682309308111248504902042230592243",
                "260163200853184017994076239747893407202",
                "263618885520206708767453033397262334022",
                "93845301084767222252087577628752557910",
                "38127819276239048614963232844895037030",
                "245150407342694586915923621074471883268",
                "89117255433444891057737418436689376809"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b2fbe0f9f80b9cfa1e06ddcf8b863d918394ef1d",
        "target": {
            "file": "drivers/gpu/drm/mediatek/mtk_drm_drv.c"
        },
        "signature_version": "v1"
    }
]

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.6.105

Fixed

6.6.107

Type: ECOSYSTEM
Events: Introduced

6.12.45

Fixed

6.12.48

Type: ECOSYSTEM
Events: Introduced

6.16.5

Fixed

6.16.8