Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF in panthor_gem_create_with_handle() debugfs code The object is potentially already gone after the drm_gem_object_put(). In general the object should be fully constructed before calling drm_gem_handle_create(), except the debugfs tracking uses a separate lock and list and separate flag to denotate whether the object is actually initialized. Since I'm touching this all anyway simplify this by only adding the object to the debugfs when it's ready for that, which allows us to delete that separate flag. panthor_gem_debugfs_bo_rm() already checks whether we've actually been added to the list or this is some error path cleanup. v2: Fix build issues for !CONFIG_DEBUGFS (Adrián) v3: Add linebreak and remove outdated comment (Liviu)
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | 6.16 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/5f2be12442db6a2904e6e31b0e3b5ad5aebf868bPatch
- https://git.kernel.org/stable/c/fe69a391808404977b1f002a6e7447de3de7a88ePatch
FAQ
What is CVE-2025-38596?
CVE-2025-38596 is a vulnerability with a CVSS score of 7.8 (HIGH). In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF in panthor_gem_create_with_handle() debugfs code The object is potentially already gone after the drm_gem_obj...
How severe is CVE-2025-38596?
CVE-2025-38596 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-38596?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.