CVE-2025-68735

Linux Kernel 6.10-6.17.12, 6.18.0-6.18.1, >=6.19 - Use-After-Free in GROUP_CREATE ioctl

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Prevent potential UAF in group creation This commit prevents the possibility of a use after free issue in the GROUP_CREATE ioctl function, which arose as pointer to the group is accessed in that ioctl function after storing it in the Xarray. A malicious userspace can second guess the handle of a group and try to call GROUP_DESTROY ioctl from another thread around the same time as GROUP_CREATE ioctl. To prevent the use after free exploit, this commit uses a mark on an entry of group pool Xarray which is added just before returning from the GROUP_CREATE ioctl function. The mark is checked for all ioctls that specify the group handle and so userspace won't be abe to delete a group that isn't marked yet. v2: Add R-bs and fixes tags

References (3)

Core 3

Core References

Patch

https://git.kernel.org/stable/c/deb8b2491f6b9882ae02d7dc2651c7bf4f3b7e05

Patch

https://git.kernel.org/stable/c/c646ebff3fa571e7ea974235286fb9ed3edc260c

Patch

https://git.kernel.org/stable/c/eec7e23d848d2194dd8791fcd0f4a54d4378eecd

Scores

EPSS 0.0002

EPSS Percentile 5.9%

Details

Status published

Products (10)

linux/Kernel 6.10.0 - 6.17.13linux

linux/Kernel 6.18.0 - 6.18.2linux

Linux/Linux < 6.10

Linux/Linux 6.10

Linux/Linux 6.17.13 - 6.17.*

Linux/Linux 6.18.2 - 6.18.*

Linux/Linux 6.19

Linux/Linux de85488138247d034eb3241840424a54d660926b - c646ebff3fa571e7ea974235286fb9ed3edc260c

Linux/Linux de85488138247d034eb3241840424a54d660926b - deb8b2491f6b9882ae02d7dc2651c7bf4f3b7e05

Linux/Linux de85488138247d034eb3241840424a54d660926b - eec7e23d848d2194dd8791fcd0f4a54d4378eecd

Published Dec 24, 2025

Tracked Since Feb 18, 2026