CVE-2025-22097

Source
https://cve.org/CVERecord?id=CVE-2025-22097
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-22097.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-22097
Published
2025-04-16T14:12:47.649Z
Modified
2026-03-11T07:46:21.413883Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
drm/vkms: Fix use after free and double free on init error
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/vkms: Fix use after free and double free on init error

If the driver initialization fails, the vkms_exit() function might access an uninitialized or freed default_config pointer and it might double free it.

Fix both possible errors by initializing default_config only when the driver initialization succeeded.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/22xxx/CVE-2025-22097.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2df7af93fdadb9ba8226fe443fae15ecdefda2a6
Fixed
49a69f67f53518bdd9b7eeebf019a2da6cc0e954
Fixed
79d138d137b80eeb0a83244d1cff29e64cf91067
Fixed
561fc0c5cf41f646f3e9e61784cbc0fc832fb936
Fixed
d5eb8e347905ab17788a7903fa1d3d06747355f5
Fixed
b8a18bb53e06d6d3c1fd03d12533d6e333ba8853
Fixed
1f68f1cf09d06061eb549726ff8339e064eddebd
Fixed
ed15511a773df86205bda66c37193569575ae828

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-22097.json"