CVE-2025-68249

The early error path in hdmprobe() can jump to errfreemdev before &mdev->dev has been initialized with deviceinitialize(). Calling putdevice(&mdev->dev) there triggers a device core WARN and ends up invoking krefput(&kobj->kref, kobject_release) on an uninitialized kobject.

In this path the private struct was only kmalloc'ed and the intended release is effectively kfree(mdev) anyway, so free it directly instead of calling put_device() on an uninitialized device.

This removes the WARNING and fixes the pre-initialization error path.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68249.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

97a6f772f36b7f52bcfa56a581bbd2470cffe23d

Fixed

3509c748e79435d09e730673c8c100b7f0ebc87c

Fixed

ad2be44882716dc3589fbc5572cc13f88ead6b24

Fixed

c400410fe0580dd6118ae8d60287ac9ce71a65fd

Fixed

6fb8fbc0aa542af5bf0fed94fa6b0edf18144f95

Fixed

7d851f746067b8ee5bac9c262f326ace0a6ea253

Fixed

4af0eedbdb4df7936bf43a28e31af232744d2620

Fixed

a8cc9e5fcb0e2eef21513a4fec888f5712cb8162

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68249.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.9.0

Fixed

5.10.246

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.196

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.158

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.115

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.56

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.17.6

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68249.json"