CVE-2025-39740

HIGH

Linux Kernel 6.16-6.16.1 - Use-After-Free in drm/xe/migrate

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: drm/xe/migrate: prevent potential UAF If we hit the error path, the previous fence (if there is one) has already been put() prior to this, so doing a fence_wait could lead to UAF. Tweak the flow to do to the put() until after we do the wait. (cherry picked from commit 9b7ca35ed28fe5fad86e9d9c24ebd1271e4c9c3e)

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/7e46fa64a4b94208563c3a5bf1d7f4346f94abea

Patch

https://git.kernel.org/stable/c/145832fbdd17b1d77ffd6cdd1642259e101d1b7e

Scores

CVSS v3 7.8

EPSS 0.0014

EPSS Percentile 3.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (9)

linux/Kernel 6.16.0 - 6.16.2linux

Linux/Linux < 6.16

Linux/Linux 270172f64b114451876c1b68912653e72ab99f38 - 145832fbdd17b1d77ffd6cdd1642259e101d1b7e

Linux/Linux 270172f64b114451876c1b68912653e72ab99f38 - 7e46fa64a4b94208563c3a5bf1d7f4346f94abea

Linux/Linux 6.16

Linux/Linux 6.16.2 - 6.16.*

Linux/Linux 6.17

linux/linux_kernel 6.17 rc1

linux/linux_kernel 6.16 - 6.16.2

Published Sep 11, 2025

Tracked Since Feb 18, 2026