CVE-2025-38410

MEDIUM

Linux Kernel 3.12-5.15.187, 5.16-6.1.144, 6.2-6.6.97, 6.7-6.12.37, 6.13-6.15.6 - Use-After-Free in DRM/MSM

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix a fence leak in submit error path In error paths, we could unref the submit without calling drm_sched_entity_push_job(), so msm_job_free() will never get called. Since drm_sched_job_cleanup() will NULL out the s_fence, we can use that to detect this case. Patchwork: https://patchwork.freedesktop.org/patch/653584/

References (7)

Core 7

Core References

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

Patch

https://git.kernel.org/stable/c/5deab0fa6cfd0cd7def17598db15ceb84f950584

Patch

https://git.kernel.org/stable/c/201eba5c9652a900c0b248070263f9acd3735689

Patch

https://git.kernel.org/stable/c/fe2695b2f63bd77e0e03bc0fc779164115bb4699

Patch

https://git.kernel.org/stable/c/0eaa495b3d5710e5ba72051d2e01bb28292c625c

Patch

https://git.kernel.org/stable/c/0dc817f852e5f8ec8501d19ef7dcc01affa181d0

Patch

https://git.kernel.org/stable/c/5d319f75ccf7f0927425a7545aa1a22b3eedc189

Scores

CVSS v3 5.5

EPSS 0.0015

EPSS Percentile 4.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-401

Status published

Products (22)

debian/debian_linux 11.0

linux/Kernel 3.12.0 - 5.15.187linux

linux/Kernel 5.16.0 - 6.1.144linux

linux/Kernel 6.13.0 - 6.15.6linux

linux/Kernel 6.2.0 - 6.6.97linux

linux/Kernel 6.7.0 - 6.12.37linux

Linux/Linux < 3.12

Linux/Linux 0cf6c71d70d8aa39b8fd0e39c9009602a0e0d300 - 0dc817f852e5f8ec8501d19ef7dcc01affa181d0

Linux/Linux 0cf6c71d70d8aa39b8fd0e39c9009602a0e0d300 - 0eaa495b3d5710e5ba72051d2e01bb28292c625c

Linux/Linux 0cf6c71d70d8aa39b8fd0e39c9009602a0e0d300 - 201eba5c9652a900c0b248070263f9acd3735689

... and 12 more

Published Jul 25, 2025

Tracked Since Feb 18, 2026