CVE-2025-68735
- Source
- https://cve.org/CVERecord?id=CVE-2025-68735
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68735.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-68735
- Downstream
- Related
- Published
- 2025-12-24T12:09:34.364Z
- Modified
- 2026-03-12T02:15:40.552693Z
- Summary
- drm/panthor: Prevent potential UAF in group creation
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
drm/panthor: Prevent potential UAF in group creation
This commit prevents the possibility of a use after free issue in the GROUPCREATE ioctl function, which arose as pointer to the group is accessed in that ioctl function after storing it in the Xarray. A malicious userspace can second guess the handle of a group and try to call GROUPDESTROY ioctl from another thread around the same time as GROUP_CREATE ioctl.
To prevent the use after free exploit, this commit uses a mark on an entry of group pool Xarray which is added just before returning from the GROUP_CREATE ioctl function. The mark is checked for all ioctls that specify the group handle and so userspace won't be abe to delete a group that isn't marked yet.
v2: Add R-bs and fixes tags
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68735.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/c646ebff3fa571e7ea974235286fb9ed3edc260c
- https://git.kernel.org/stable/c/deb8b2491f6b9882ae02d7dc2651c7bf4f3b7e05
- https://git.kernel.org/stable/c/eec7e23d848d2194dd8791fcd0f4a54d4378eecd
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68735.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-68735