CVE-2025-68748

Linux Kernel 6.10-6.12.63, 6.13-6.17.13, 6.18.0-6.18.2 - Use-After-Free in Panthor FW Event Processing

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF race between device unplug and FW event processing The function panthor_fw_unplug() will free the FW memory sections. The problem is that there could still be pending FW events which are yet not handled at this point. process_fw_events_work() can in this case try to access said freed memory. Simply call disable_work_sync() to both drain and prevent future invocation of process_fw_events_work().

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/31db188355a49337e3e8ec98b99377e482eab22c

Patch

https://git.kernel.org/stable/c/5e3ff56d4cb591daea70786d07dc21d06dc34108

Patch

https://git.kernel.org/stable/c/6c1da9ae2c123a9ffda5375e64cc81f9ed3cc04a

Patch

https://git.kernel.org/stable/c/7051f6ba968fa69918d72cc26de4d6cf7ea05b90

Scores

EPSS 0.0002

EPSS Percentile 6.3%

Details

Status published

Products (13)

linux/Kernel 6.10.0 - 6.12.63linux

linux/Kernel 6.13.0 - 6.17.13linux

linux/Kernel 6.18.0 - 6.18.2linux

Linux/Linux < 6.10

Linux/Linux 6.10

Linux/Linux 6.12.63 - 6.12.*

Linux/Linux 6.17.13 - 6.17.*

Linux/Linux 6.18.2 - 6.18.*

Linux/Linux 6.19

Linux/Linux de85488138247d034eb3241840424a54d660926b - 31db188355a49337e3e8ec98b99377e482eab22c

... and 3 more

Published Dec 24, 2025

Tracked Since Feb 18, 2026