CVE-2025-38187

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-38187

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38187.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-38187

Downstream

BELL-CVE-2025-38187

DEBIAN-CVE-2025-38187

SUSE-SU-2025:02853-1

SUSE-SU-2025:02923-1

SUSE-SU-2025:02969-1

SUSE-SU-2025:03023-1

UBUNTU-CVE-2025-38187

Related

Published

2025-07-04T14:15:25Z

Modified

2025-08-30T18:01:37Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

drm/nouveau: fix a use-after-free in r535gsprpc_push()

The RPC container is released after being passed to r535gsprpc_send().

When sending the initial fragment of a large RPC and passing the caller's RPC container, the container will be freed prematurely. Subsequent attempts to send remaining fragments will therefore result in a use-after-free.

Allocate a temporary RPC container for holding the initial fragment of a large RPC when sending. Free the caller's container when all fragments are successfully sent.

[ Rebase onto Blackwell changes. - Danilo ]

References

Affected packages