{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-68748","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-24T10:30:51.032Z","datePublished":"2025-12-24T12:09:43.620Z","dateUpdated":"2026-05-11T21:52:35.034Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:52:35.034Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panthor: Fix UAF race between device unplug and FW event processing\n\nThe function panthor_fw_unplug() will free the FW memory sections.\nThe problem is that there could still be pending FW events which are yet\nnot handled at this point. process_fw_events_work() can in this case try\nto access said freed memory.\n\nSimply call disable_work_sync() to both drain and prevent future\ninvocation of process_fw_events_work()."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/panthor/panthor_sched.c"],"versions":[{"version":"de85488138247d034eb3241840424a54d660926b","lessThan":"31db188355a49337e3e8ec98b99377e482eab22c","status":"affected","versionType":"git"},{"version":"de85488138247d034eb3241840424a54d660926b","lessThan":"5e3ff56d4cb591daea70786d07dc21d06dc34108","status":"affected","versionType":"git"},{"version":"de85488138247d034eb3241840424a54d660926b","lessThan":"6c1da9ae2c123a9ffda5375e64cc81f9ed3cc04a","status":"affected","versionType":"git"},{"version":"de85488138247d034eb3241840424a54d660926b","lessThan":"7051f6ba968fa69918d72cc26de4d6cf7ea05b90","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/panthor/panthor_sched.c"],"versions":[{"version":"6.10","status":"affected"},{"version":"0","lessThan":"6.10","status":"unaffected","versionType":"semver"},{"version":"6.12.63","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.17.13","lessThanOrEqual":"6.17.*","status":"unaffected","versionType":"semver"},{"version":"6.18.2","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10","versionEndExcluding":"6.12.63"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10","versionEndExcluding":"6.17.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10","versionEndExcluding":"6.18.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10","versionEndExcluding":"6.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/31db188355a49337e3e8ec98b99377e482eab22c"},{"url":"https://git.kernel.org/stable/c/5e3ff56d4cb591daea70786d07dc21d06dc34108"},{"url":"https://git.kernel.org/stable/c/6c1da9ae2c123a9ffda5375e64cc81f9ed3cc04a"},{"url":"https://git.kernel.org/stable/c/7051f6ba968fa69918d72cc26de4d6cf7ea05b90"}],"title":"drm/panthor: Fix UAF race between device unplug and FW event processing","x_generator":{"engine":"bippy-1.2.0"}}}}