{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-68189","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-16T13:41:40.253Z","datePublished":"2025-12-16T13:43:11.507Z","dateUpdated":"2026-05-11T21:48:22.985Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:48:22.985Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Fix GEM free for imported dma-bufs\n\nImported dma-bufs also have obj->resv != &obj->_resv.  So we should\ncheck both this condition in addition to flags for handling the\n_NO_SHARE case.\n\nFixes this splat that was reported with IRIS video playback:\n\n    ------------[ cut here ]------------\n    WARNING: CPU: 3 PID: 2040 at drivers/gpu/drm/msm/msm_gem.c:1127 msm_gem_free_object+0x1f8/0x264 [msm]\n    CPU: 3 UID: 1000 PID: 2040 Comm: .gnome-shell-wr Not tainted 6.17.0-rc7 #1 PREEMPT\n    pstate: 81400005 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n    pc : msm_gem_free_object+0x1f8/0x264 [msm]\n    lr : msm_gem_free_object+0x138/0x264 [msm]\n    sp : ffff800092a1bb30\n    x29: ffff800092a1bb80 x28: ffff800092a1bce8 x27: ffffbc702dbdbe08\n    x26: 0000000000000008 x25: 0000000000000009 x24: 00000000000000a6\n    x23: ffff00083c72f850 x22: ffff00083c72f868 x21: ffff00087e69f200\n    x20: ffff00087e69f330 x19: ffff00084d157ae0 x18: 0000000000000000\n    x17: 0000000000000000 x16: ffffbc704bd46b80 x15: 0000ffffd0959540\n    x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n    x11: ffffbc702e6cdb48 x10: 0000000000000000 x9 : 000000000000003f\n    x8 : ffff800092a1ba90 x7 : 0000000000000000 x6 : 0000000000000020\n    x5 : ffffbc704bd46c40 x4 : fffffdffe102cf60 x3 : 0000000000400032\n    x2 : 0000000000020000 x1 : ffff00087e6978e8 x0 : ffff00087e6977e8\n    Call trace:\n     msm_gem_free_object+0x1f8/0x264 [msm] (P)\n     drm_gem_object_free+0x1c/0x30 [drm]\n     drm_gem_object_handle_put_unlocked+0x138/0x150 [drm]\n     drm_gem_object_release_handle+0x5c/0xcc [drm]\n     drm_gem_handle_delete+0x68/0xbc [drm]\n     drm_gem_close_ioctl+0x34/0x40 [drm]\n     drm_ioctl_kernel+0xc0/0x130 [drm]\n     drm_ioctl+0x360/0x4e0 [drm]\n     __arm64_sys_ioctl+0xac/0x104\n     invoke_syscall+0x48/0x104\n     el0_svc_common.constprop.0+0x40/0xe0\n     do_el0_svc+0x1c/0x28\n     el0_svc+0x34/0xec\n     el0t_64_sync_handler+0xa0/0xe4\n     el0t_64_sync+0x198/0x19c\n    ---[ end trace 0000000000000000 ]---\n    ------------[ cut here ]------------\n\nPatchwork: https://patchwork.freedesktop.org/patch/676273/"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/msm/msm_gem.c"],"versions":[{"version":"de651b6e040ba419418a37401e45d24f133e8a59","lessThan":"9674c4cb2fe62727a2e4d3f66065ab949dfa61be","status":"affected","versionType":"git"},{"version":"de651b6e040ba419418a37401e45d24f133e8a59","lessThan":"c34e08ba6c0037a72a7433741225b020c989e4ae","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/msm/msm_gem.c"],"versions":[{"version":"6.17","status":"affected"},{"version":"0","lessThan":"6.17","status":"unaffected","versionType":"semver"},{"version":"6.17.8","lessThanOrEqual":"6.17.*","status":"unaffected","versionType":"semver"},{"version":"6.18","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.17","versionEndExcluding":"6.17.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.17","versionEndExcluding":"6.18"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/9674c4cb2fe62727a2e4d3f66065ab949dfa61be"},{"url":"https://git.kernel.org/stable/c/c34e08ba6c0037a72a7433741225b020c989e4ae"}],"title":"drm/msm: Fix GEM free for imported dma-bufs","x_generator":{"engine":"bippy-1.2.0"}}}}