CVE-2025-39679

When the nvifvmmtype is invalid, we will return error directly without freeing the args in nvifvmmctor(), which leading a memory leak. Fix it by setting the ret -EINVAL and goto done.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

6b252cf42281045a9f803d2198023500cfa6ebd2

Fixed

72553fe19317fe93cb8591c83095c446bc7fe292

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

6b252cf42281045a9f803d2198023500cfa6ebd2

Fixed

cabcb52d76d3d42f16c344a96e098dd9d18602f8

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

6b252cf42281045a9f803d2198023500cfa6ebd2

Fixed

7d9110e3b35d08832661da1a1fc2d24455981a04

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

6b252cf42281045a9f803d2198023500cfa6ebd2

Fixed

bb8aeaa3191b617c6faf8ae937252e059673b7ea

Affected versions

v6.*

v6.10

v6.10-rc1

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.11

v6.11-rc1

v6.11-rc2

v6.11-rc3

v6.11-rc4

v6.11-rc5

v6.11-rc6

v6.11-rc7

v6.12

v6.12-rc1

v6.12-rc2

v6.12-rc3

v6.12-rc4

v6.12-rc5

v6.12-rc6

v6.12-rc7

v6.12.1

v6.12.10

v6.12.11

v6.12.12

v6.12.13

v6.12.14

v6.12.15

v6.12.16

v6.12.17

v6.12.18

v6.12.19

v6.12.2

v6.12.20

v6.12.21

v6.12.22

v6.12.23

v6.12.24

v6.12.25

v6.12.26

v6.12.27

v6.12.28

v6.12.29

v6.12.3

v6.12.30

v6.12.31

v6.12.32

v6.12.33

v6.12.34

v6.12.35

v6.12.36

v6.12.37

v6.12.38

v6.12.39

v6.12.4

v6.12.40

v6.12.41

v6.12.42

v6.12.43

v6.12.5

v6.12.6

v6.12.7

v6.12.8

v6.12.9

v6.13

v6.13-rc1

v6.13-rc2

v6.13-rc3

v6.13-rc4

v6.13-rc5

v6.13-rc6

v6.13-rc7

v6.14

v6.14-rc1

v6.14-rc2

v6.14-rc3

v6.14-rc4

v6.14-rc5

v6.14-rc6

v6.14-rc7

v6.15

v6.15-rc1

v6.15-rc2

v6.15-rc3

v6.15-rc4

v6.15-rc5

v6.15-rc6

v6.15-rc7

v6.16

v6.16-rc1

v6.16-rc2

v6.16-rc3

v6.16-rc4

v6.16-rc5

v6.16-rc6

v6.16-rc7

v6.16.1

v6.16.2

v6.16.3

v6.5

v6.5-rc3

v6.5-rc4

v6.5-rc5

v6.5-rc6

v6.5-rc7

v6.6

v6.6-rc1

v6.6-rc2

v6.6-rc3

v6.6-rc4

v6.6-rc5

v6.6-rc6

v6.6-rc7

v6.6.1

v6.6.10

v6.6.100

v6.6.101

v6.6.102

v6.6.11

v6.6.12

v6.6.13

v6.6.14

v6.6.15

v6.6.16

v6.6.17

v6.6.18

v6.6.19

v6.6.2

v6.6.20

v6.6.21

v6.6.22

v6.6.23

v6.6.24

v6.6.25

v6.6.26

v6.6.27

v6.6.28

v6.6.29

v6.6.3

v6.6.30

v6.6.31

v6.6.32

v6.6.33

v6.6.34

v6.6.35

v6.6.36

v6.6.37

v6.6.38

v6.6.39

v6.6.4

v6.6.40

v6.6.41

v6.6.42

v6.6.43

v6.6.44

v6.6.45

v6.6.46

v6.6.47

v6.6.48

v6.6.49

v6.6.5

v6.6.50

v6.6.51

v6.6.52

v6.6.53

v6.6.54

v6.6.55

v6.6.56

v6.6.57

v6.6.58

v6.6.59

v6.6.6

v6.6.60

v6.6.61

v6.6.62

v6.6.63

v6.6.64

v6.6.65

v6.6.66

v6.6.67

v6.6.68

v6.6.69

v6.6.7

v6.6.70

v6.6.71

v6.6.72

v6.6.73

v6.6.74

v6.6.75

v6.6.76

v6.6.77

v6.6.78

v6.6.79

v6.6.8

v6.6.80

v6.6.81

v6.6.82

v6.6.83

v6.6.84

v6.6.85

v6.6.86

v6.6.87

v6.6.88

v6.6.89

v6.6.9

v6.6.90

v6.6.91

v6.6.92

v6.6.93

v6.6.94

v6.6.95

v6.6.96

v6.6.97

v6.6.98

v6.6.99

v6.7

v6.7-rc1

v6.7-rc2

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

Database specific

vanir_signatures

[
    {
        "digest": {
            "function_hash": "290612315824145672614121716604827908911",
            "length": 1598.0
        },
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2025-39679-1189caf8",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cabcb52d76d3d42f16c344a96e098dd9d18602f8",
        "target": {
            "function": "nvif_vmm_ctor",
            "file": "drivers/gpu/drm/nouveau/nvif/vmm.c"
        }
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "250808697624696241817632887665002796839",
                "314311392658020062367301000025094589565",
                "100890239781293230607301407251627366067",
                "243090179107672739742879152559149118082"
            ]
        },
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "id": "CVE-2025-39679-36d3856e",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cabcb52d76d3d42f16c344a96e098dd9d18602f8",
        "target": {
            "file": "drivers/gpu/drm/nouveau/nvif/vmm.c"
        }
    },
    {
        "digest": {
            "function_hash": "290612315824145672614121716604827908911",
            "length": 1598.0
        },
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2025-39679-57862b35",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bb8aeaa3191b617c6faf8ae937252e059673b7ea",
        "target": {
            "function": "nvif_vmm_ctor",
            "file": "drivers/gpu/drm/nouveau/nvif/vmm.c"
        }
    },
    {
        "digest": {
            "function_hash": "290612315824145672614121716604827908911",
            "length": 1598.0
        },
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2025-39679-6e2e3504",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@72553fe19317fe93cb8591c83095c446bc7fe292",
        "target": {
            "function": "nvif_vmm_ctor",
            "file": "drivers/gpu/drm/nouveau/nvif/vmm.c"
        }
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "250808697624696241817632887665002796839",
                "314311392658020062367301000025094589565",
                "100890239781293230607301407251627366067",
                "243090179107672739742879152559149118082"
            ]
        },
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "id": "CVE-2025-39679-7b93e63c",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bb8aeaa3191b617c6faf8ae937252e059673b7ea",
        "target": {
            "file": "drivers/gpu/drm/nouveau/nvif/vmm.c"
        }
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "250808697624696241817632887665002796839",
                "314311392658020062367301000025094589565",
                "100890239781293230607301407251627366067",
                "243090179107672739742879152559149118082"
            ]
        },
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "id": "CVE-2025-39679-d7f624d0",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@72553fe19317fe93cb8591c83095c446bc7fe292",
        "target": {
            "file": "drivers/gpu/drm/nouveau/nvif/vmm.c"
        }
    },
    {
        "digest": {
            "function_hash": "290612315824145672614121716604827908911",
            "length": 1598.0
        },
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2025-39679-e38e4625",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7d9110e3b35d08832661da1a1fc2d24455981a04",
        "target": {
            "function": "nvif_vmm_ctor",
            "file": "drivers/gpu/drm/nouveau/nvif/vmm.c"
        }
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "250808697624696241817632887665002796839",
                "314311392658020062367301000025094589565",
                "100890239781293230607301407251627366067",
                "243090179107672739742879152559149118082"
            ]
        },
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "id": "CVE-2025-39679-f98d4806",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7d9110e3b35d08832661da1a1fc2d24455981a04",
        "target": {
            "file": "drivers/gpu/drm/nouveau/nvif/vmm.c"
        }
    }
]

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.6.0

Fixed

6.6.103

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.44

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.16.4