CVE-2025-39882

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/mediatek: fix potential OF node use-after-free

The for_each_child_of_node() helper drops the reference it takes to each node as it iterates over children and an explicit of_node_put() is only needed when exiting the loop early.

Drop the recently introduced bogus additional reference count decrement at each iteration that could potentially lead to a use-after-free.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7d98166183d627c0b9daca7672b2191fae0f8a03 < b2fbe0f9f80b9cfa1e06ddcf8b863d918394ef1daffected
LinuxLinux31ce7c089b50c3d3056c37e0e25e7535e4428ae1 < b58a26cdd4795c1ce6a80e38e9348885555dacd6affected
LinuxLinuxfae58d0155a979a8c414bbc12db09dd4b2f910d0 < c4901802ed1ce859242e10af06e6a7752cba0497affected
LinuxLinux1f403699c40f0806a707a9a6eed3b8904224021a < 4de37a48b6b58faaded9eb765047cf0d8785ea18affected
LinuxLinux6.6.105 < 6.6.107affected
LinuxLinux6.12.45 < 6.12.48affected
LinuxLinux6.16.5 < 6.16.8affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References