CVE-2025-22097

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/vkms: Fix use after free and double free on init error

If the driver initialization fails, the vkms_exit() function might access an uninitialized or freed default_config pointer and it might double free it.

Fix both possible errors by initializing default_config only when the driver initialization succeeded.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux2df7af93fdadb9ba8226fe443fae15ecdefda2a6 < 49a69f67f53518bdd9b7eeebf019a2da6cc0e954affected
LinuxLinux2df7af93fdadb9ba8226fe443fae15ecdefda2a6 < 79d138d137b80eeb0a83244d1cff29e64cf91067affected
LinuxLinux2df7af93fdadb9ba8226fe443fae15ecdefda2a6 < 561fc0c5cf41f646f3e9e61784cbc0fc832fb936affected
LinuxLinux2df7af93fdadb9ba8226fe443fae15ecdefda2a6 < d5eb8e347905ab17788a7903fa1d3d06747355f5affected
LinuxLinux2df7af93fdadb9ba8226fe443fae15ecdefda2a6 < b8a18bb53e06d6d3c1fd03d12533d6e333ba8853affected
LinuxLinux2df7af93fdadb9ba8226fe443fae15ecdefda2a6 < 1f68f1cf09d06061eb549726ff8339e064eddebdaffected
LinuxLinux2df7af93fdadb9ba8226fe443fae15ecdefda2a6 < ed15511a773df86205bda66c37193569575ae828affected
LinuxLinux5.12affected
LinuxLinux0 < 5.12unaffected
LinuxLinux5.15.180 <= 5.15.*unaffected
LinuxLinux6.1.134 <= 6.1.*unaffected
LinuxLinux6.6.87 <= 6.6.*unaffected
LinuxLinux6.12.23 <= 6.12.*unaffected
LinuxLinux6.13.11 <= 6.13.*unaffected
LinuxLinux6.14.2 <= 6.14.*unaffected
LinuxLinux6.15 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References