Description

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF in panthor_gem_create_with_handle() debugfs code The object is potentially already gone after the drm_gem_object_put(). In general the object should be fully constructed before calling drm_gem_handle_create(), except the debugfs tracking uses a separate lock and list and separate flag to denotate whether the object is actually initialized. Since I'm touching this all anyway simplify this by only adding the object to the debugfs when it's ready for that, which allows us to delete that separate flag. panthor_gem_debugfs_bo_rm() already checks whether we've actually been added to the list or this is some error path cleanup. v2: Fix build issues for !CONFIG_DEBUGFS (Adrián) v3: Add linebreak and remove outdated comment (Liviu)

INFO

Published Date :

2025-08-19T17:03:26.445Z

Last Modified :

2025-09-29T05:54:29.881Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-38596 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-38596.

URL Resource
https://git.kernel.org/stable/c/5f2be12442db6a2904e6e31b0e3b5ad5aebf868b cve-icon cve-icon
https://git.kernel.org/stable/c/fe69a391808404977b1f002a6e7447de3de7a88e cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025081919-CVE-2025-38596-9c29@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-38596 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-38596 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact