CVE-2025-39679

MEDIUM

Linux Kernel 6.6-6.6.102, 6.7-6.12.43, 6.13-6.16.3 - Use-After-Free in nvif_vmm_ctor()

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor(). When the nvif_vmm_type is invalid, we will return error directly without freeing the args in nvif_vmm_ctor(), which leading a memory leak. Fix it by setting the ret -EINVAL and goto done.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/72553fe19317fe93cb8591c83095c446bc7fe292

Patch

https://git.kernel.org/stable/c/cabcb52d76d3d42f16c344a96e098dd9d18602f8

Patch

https://git.kernel.org/stable/c/7d9110e3b35d08832661da1a1fc2d24455981a04

Patch

https://git.kernel.org/stable/c/bb8aeaa3191b617c6faf8ae937252e059673b7ea

Scores

CVSS v3 5.5

EPSS 0.0014

EPSS Percentile 4.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-401

Status published

Products (15)

linux/Kernel 6.13.0 - 6.16.4linux

linux/Kernel 6.6.0 - 6.6.103linux

linux/Kernel 6.7.0 - 6.12.44linux

Linux/Linux < 6.6

Linux/Linux 6.12.44 - 6.12.*

Linux/Linux 6.16.4 - 6.16.*

Linux/Linux 6.17

Linux/Linux 6.6

Linux/Linux 6.6.103 - 6.6.*

Linux/Linux 6b252cf42281045a9f803d2198023500cfa6ebd2 - 72553fe19317fe93cb8591c83095c446bc7fe292

... and 5 more

Published Sep 05, 2025

Tracked Since Feb 18, 2026