CVE-2025-68748
- Source
- https://cve.org/CVERecord?id=CVE-2025-68748
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68748.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-68748
- Downstream
- Published
- 2025-12-24T12:09:43.620Z
- Modified
- 2026-02-09T19:33:55.010084Z
- Summary
- drm/panthor: Fix UAF race between device unplug and FW event processing
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
drm/panthor: Fix UAF race between device unplug and FW event processing
The function panthorfwunplug() will free the FW memory sections. The problem is that there could still be pending FW events which are yet not handled at this point. processfwevents_work() can in this case try to access said freed memory.
Simply call disableworksync() to both drain and prevent future invocation of processfwevents_work().
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68748.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/31db188355a49337e3e8ec98b99377e482eab22c
- https://git.kernel.org/stable/c/5e3ff56d4cb591daea70786d07dc21d06dc34108
- https://git.kernel.org/stable/c/6c1da9ae2c123a9ffda5375e64cc81f9ed3cc04a
- https://git.kernel.org/stable/c/7051f6ba968fa69918d72cc26de4d6cf7ea05b90
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68748.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-68748
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedde85488138247d034eb3241840424a54d660926bFixed31db188355a49337e3e8ec98b99377e482eab22cFixed5e3ff56d4cb591daea70786d07dc21d06dc34108Fixed6c1da9ae2c123a9ffda5375e64cc81f9ed3cc04aFixed7051f6ba968fa69918d72cc26de4d6cf7ea05b90
Affected versions
v6.*
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.28
v6.12.29
v6.12.3
v6.12.30
v6.12.31
v6.12.32
v6.12.33
v6.12.34
v6.12.35
v6.12.36
v6.12.37
v6.12.38
v6.12.39
v6.12.4
v6.12.40
v6.12.41
v6.12.42
v6.12.43
v6.12.44
v6.12.45
v6.12.46
v6.12.47
v6.12.48
v6.12.49
v6.12.5
v6.12.50
v6.12.51
v6.12.52
v6.12.53
v6.12.54
v6.12.55
v6.12.56
v6.12.57
v6.12.58
v6.12.59
v6.12.6
v6.12.60
v6.12.61
v6.12.62
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.16
v6.16-rc1
v6.16-rc2
v6.16-rc3
v6.16-rc4
v6.16-rc5
v6.16-rc6
v6.16-rc7
v6.17
v6.17-rc1
v6.17-rc2
v6.17-rc3
v6.17-rc4
v6.17-rc5
v6.17-rc6
v6.17-rc7
v6.17.1
v6.17.10
v6.17.11
v6.17.12
v6.17.2
v6.17.3
v6.17.4
v6.17.5
v6.17.6
v6.17.7
v6.17.8
v6.17.9
v6.18
v6.18-rc1
v6.18-rc2
v6.18-rc3
v6.18-rc4
v6.18-rc5
v6.18-rc6
v6.18-rc7
v6.18.1
v6.8
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7