CVE-2025-68735

Published: Dic 24, 2025 Last Modified: Dic 29, 2025

ExploitDB:

Other exploit source:

Google Dorks:

Description

AI Translation Available

In the Linux kernel, the following vulnerability has been resolved:

drm/panthor: Prevent potential UAF in group creation

This commit prevents the possibility of a use after free issue in the
GROUP_CREATE ioctl function, which arose as pointer to the group is
accessed in that ioctl function after storing it in the Xarray.
A malicious userspace can second guess the handle of a group and try
to call GROUP_DESTROY ioctl from another thread around the same time
as GROUP_CREATE ioctl.

To prevent the use after free exploit, this commit uses a mark on an
entry of group pool Xarray which is added just before returning from
the GROUP_CREATE ioctl function. The mark is checked for all ioctls
that specify the group handle and so userspace won't be abe to delete
a group that isn't marked yet.

v2: Add R-bs and fixes tags

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0002

Percentile

0,1th

Updated

EPSS Score Trend (Last 81 Days)

https://git.kernel.org/stable/c/c646ebff3fa571e7ea974235286…

https://git.kernel.org/stable/c/c646ebff3fa571e7ea974235286fb9ed3edc260c

https://git.kernel.org/stable/c/deb8b2491f6b9882ae02d7dc265…

https://git.kernel.org/stable/c/deb8b2491f6b9882ae02d7dc2651c7bf4f3b7e05

https://git.kernel.org/stable/c/eec7e23d848d2194dd8791fcd0f…

https://git.kernel.org/stable/c/eec7e23d848d2194dd8791fcd0f4a54d4378eecd

CVE-2025-68735

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 81 Days)

Iscriviti alla newsletter