CVE-2025-68748

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/panthor: Fix UAF race between device unplug and FW event processing

The function panthor_fw_unplug() will free the FW memory sections. The problem is that there could still be pending FW events which are yet not handled at this point. process_fw_events_work() can in this case try to access said freed memory.

Simply call disable_work_sync() to both drain and prevent future invocation of process_fw_events_work().

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxde85488138247d034eb3241840424a54d660926b < 31db188355a49337e3e8ec98b99377e482eab22caffected
LinuxLinuxde85488138247d034eb3241840424a54d660926b < 5e3ff56d4cb591daea70786d07dc21d06dc34108affected
LinuxLinuxde85488138247d034eb3241840424a54d660926b < 6c1da9ae2c123a9ffda5375e64cc81f9ed3cc04aaffected
LinuxLinuxde85488138247d034eb3241840424a54d660926b < 7051f6ba968fa69918d72cc26de4d6cf7ea05b90affected
LinuxLinux6.10affected
LinuxLinux0 < 6.10unaffected
LinuxLinux6.12.63 <= 6.12.*unaffected
LinuxLinux6.17.13 <= 6.17.*unaffected
LinuxLinux6.18.2 <= 6.18.*unaffected
LinuxLinux6.19 <= *unaffected

Weaknesses

References