CVE-2025-40069
Description
In the Linux kernel, the following vulnerability has been resolved:
drm/msm: Fix obj leak in VM_BIND error path
If we fail a handle-lookup part way thru, we need to drop the already obtained obj references.
Patchwork: https://patchwork.freedesktop.org/patch/669784/
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A memory leak in the drm/msm driver's VM_BIND error path can cause unreferenced object references, potentially leading to resource exhaustion.
Vulnerability
Overview
In the Linux kernel's drm/msm driver, a memory leak vulnerability exists in the VM_BIND error path. When a handle lookup fails partway through the VM_BIND operation, previously obtained object references are not properly released, leading to unreferenced object references that persist in memory [1].
Exploitation and
Impact
This vulnerability can be triggered by a local user with access to the DRM subsystem, specifically through the MSM GPU driver's VM_BIND ioctl. The attack requires the ability to invoke the VM_BIND operation and cause a handle lookup failure at a specific point in the code path. An attacker could repeatedly trigger this error path to exhaust kernel memory resources, leading to a denial-of-service condition [1].
Mitigation
The fix is included in the Linux kernel stable tree as commit 2b512909a291a964cfcf6b58de13256ab3e848c4 [1]. Users should update their kernel to a version containing this patch. No workaround is mentioned in the available references.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
22b512909a291278f8904434aVulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2News mentions
0No linked articles in our index yet.