CVE-2025-68170

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/radeon: Do not kfree() devres managed rdev

Since the allocation of the drivers main structure was changed to devm_drm_dev_alloc() rdev is managed by devres and we shouldn't be calling kfree() on it.

This fixes things exploding if the driver probe fails and devres cleans up the rdev after we already free'd it.

(cherry picked from commit 16c0681617b8a045773d4d87b6140002fa75b03b)

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa9ed2f052c5c14e4be58c5ec8794dffc87588123 < f7482516002a11317912e29577bbf33cf59a0fb1affected
LinuxLinuxa9ed2f052c5c14e4be58c5ec8794dffc87588123 < 2413bbd1d692aed245c2aa38a369a1fa7590db84affected
LinuxLinuxa9ed2f052c5c14e4be58c5ec8794dffc87588123 < 3328443363a0895fd9c096edfe8ecd372ca9145eaffected
LinuxLinux6.12affected
LinuxLinux0 < 6.12unaffected
LinuxLinux6.12.58 <= 6.12.*unaffected
LinuxLinux6.17.8 <= 6.17.*unaffected
LinuxLinux6.18 <= *unaffected

Weaknesses

References