CVE-2025-68748
Description
In the Linux kernel, the following vulnerability has been resolved:
drm/panthor: Fix UAF race between device unplug and FW event processing
The function panthor_fw_unplug() will free the FW memory sections. The problem is that there could still be pending FW events which are not yet handled at this point. process_fw_events_work() can in this case try to access said freed memory.
Simply call disable_work_sync() to both drain and prevent future invocation of process_fw_events_work().
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Use-after-free race in panthor DRM driver during device unplug due to unsynchronized firmware event processing; fix calls disable_work_sync().
Vulnerability
In the Linux kernel's drm/panthor driver, a use-after-free (UAF) race condition exists between device unplug and firmware (FW) event processing. The function panthor_fw_unplug() frees FW memory sections, but pending FW events that have not yet been handled can subsequently access that freed memory, leading to a use-after-free [1].
Exploitation
An attacker with local access and the ability to trigger device unplug while FW events are pending could exploit this race condition. The vulnerability does not require special privileges beyond the ability to interact with the panthor device. The race window is between freeing the memory and the completion of event processing.
Impact
Successful exploitation could lead to memory corruption, system crash, or potentially privilege escalation if an attacker can control the freed memory contents.
Mitigation
The fix, provided in commit [1] and backported to stable trees [2][3][4], calls disable_work_sync() to drain and prevent future invocation of process_fw_events_work(), ensuring no events are processed after memory is freed. Users should apply the latest kernel updates.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
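The ordering that the fix enforces, as an added example (not code from the panthor driver or from the referenced commits): a single-threaded C model in which the worker is stepped by hand so the interleaving is deterministic. All model_* names are hypothetical, and the access to freed sections is represented by a NULL check and a counter rather than a real dangling dereference.

```c
/* Single-threaded model of the unplug vs. FW-event-work ordering.
 * Hypothetical names throughout; this is not panthor code. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

struct model_work { bool pending; int disable_depth; };
/* sections stands in for the FW memory sections freed on unplug. */
struct model_fw { struct model_work work; int *sections; int stale_hits; };

/* Like queue_work(): a disabled or already pending item is not queued. */
static bool model_queue(struct model_work *w) {
    if (w->disable_depth || w->pending) return false;
    w->pending = true;
    return true;
}

/* Like disable_work_sync(): cancel pending work and block re-queueing. */
static void model_disable_sync(struct model_work *w) {
    w->disable_depth++;
    w->pending = false;
}

/* One pass of the worker: run the event handler if work is pending. */
static void model_worker_step(struct model_fw *fw) {
    if (!fw->work.pending) return;
    fw->work.pending = false;
    if (!fw->sections) fw->stale_hits++; /* real driver: freed memory access */
}

static void model_unplug(struct model_fw *fw, bool fixed) {
    if (fixed) model_disable_sync(&fw->work);
    free(fw->sections);
    fw->sections = NULL;
}

/* FW event queued, unplug, late FW event, then the worker gets to run. */
int stale_hits_after_unplug(bool fixed) {
    struct model_fw fw = { .sections = calloc(1, sizeof(int)) };
    model_queue(&fw.work);
    model_unplug(&fw, fixed);
    model_queue(&fw.work);
    model_worker_step(&fw);
    return fw.stale_hits;
}

int main(void) {
    printf("unfixed=%d fixed=%d\n", stale_hits_after_unplug(false), stale_hits_after_unplug(true));
    return 0;
}
```

In the kernel, disable_work_sync() also waits for an instance of the work that is already running, which this single-threaded model cannot show.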
Affected products: 1
Patches: 0
No patches discovered yet.
References: 4