CVE-2025-68233

Vulnerability

Overview

In the Linux kernel, the drm/tegra driver's host1x_memory_context_alloc() function calls get_task_pid() to obtain a PID reference but fails to release it with a corresponding put_pid() call. This oversight means the driver does not take ownership of the PID, and the reference is never freed, resulting in a memory leak [1][2].

Exploitation

An attacker with local access and the ability to trigger the allocation of a memory context via the DRM/Tegra subsystem can repeatedly invoke this code path. No special privileges beyond-local privileges are required beyond normal user access to the DRM device, as the leak occurs during standard memory context allocation operations.

Impact

Repeated exploitation causes the kernel to leak PID references, gradually consuming kernel memory. Over time, this can lead to system instability, denial of service, or resource exhaustion, potentially affecting other processes and system availability.

Mitigation

The fix adds the missing put_pid() call to properly release the PID reference. The patch has been applied to the stable kernel tree [1][2]. Users should update to a kernel version containing this commit to prevent the leak.