Linux · Linux Kernel · CVE-2024-49992
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 6.6.58
**Description**
The issue is a use-after-free in the Linux kernel's drm/stm display driver. The `ltdc_load()` function calls `drm_crtc_init_with_planes()`, `drm_universal_plane_init()`, and `drm_encoder_init()` with parameters allocated using `devm_kzalloc()`; memory from `devm_kzalloc()` is released when the device is unbound, while the DRM objects built from it can still be reached afterwards, which can lead to use-after-free issues. The vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information. The `ltdc_plane_create()` function in `drivers/gpu/drm/stm/ltdc.c` is also affected.
**Recommendations**
For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue.
As a temporary workaround, consider using allocations managed by the DRM framework instead of `devm_kzalloc()` to avoid use-after-free issues.
Restrict access to the `ltdc_plane_create()` function in `drivers/gpu/drm/stm/ltdc.c` to minimize the risk of exploitation.
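The following is an added example, not code from the Linux kernel or from the stm driver: a small user-space C model of the two lifetimes behind the description and the workaround above. Memory from `devm_kzalloc()` belongs to the `struct device` and is released as soon as the driver is unbound, whereas DRM-managed allocations (the kernel's `drmm_*` helpers, such as `drmm_crtc_alloc_with_planes()`, `drmm_universal_plane_alloc()` and `drmm_encoder_alloc()`, which is what the recommendation's "allocations managed by the DRM framework" refers to) belong to the `struct drm_device` and are released only when its last reference is dropped, for example when the last open file descriptor closes. Every `model_` name here is a constructed stand-in for the kernel object it is named after; a `freed` flag replaces a real `free()` so the check itself cannot fault.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed user-space model of two kernel object lifetimes; not kernel code.
 *  - devres: memory from devm_kzalloc() is released as soon as the driver is unbound.
 *  - drmm:   memory from the drmm_* helpers is released only when the last
 *            drm_device reference is dropped (e.g. the last open fd closes). */

#define MAX_ALLOCS 8

struct model_alloc {
    const char *name;
    bool freed;          /* set instead of calling free(), so the check is safe */
};

struct model_owner {
    struct model_alloc *list[MAX_ALLOCS];
    int n;
};

struct model_device     { struct model_owner devres; bool bound; };
struct model_drm_device { struct model_owner drmm;   int refcount; };

static struct model_alloc *model_track(struct model_owner *o, const char *name)
{
    struct model_alloc *a = calloc(1, sizeof *a);
    if (!a || o->n >= MAX_ALLOCS)
        abort();
    a->name = name;
    o->list[o->n++] = a;
    return a;
}

/* devm_kzalloc() analogue: lifetime tied to the struct device. */
static struct model_alloc *model_devm_kzalloc(struct model_device *dev, const char *name)
{
    return model_track(&dev->devres, name);
}

/* drmm_*_alloc() analogue: lifetime tied to the struct drm_device. */
static struct model_alloc *model_drmm_alloc(struct model_drm_device *drm, const char *name)
{
    return model_track(&drm->drmm, name);
}

static void model_release_all(struct model_owner *o)
{
    for (int i = 0; i < o->n; i++)
        o->list[i]->freed = true;
}

static void model_free_all(struct model_owner *o)
{
    for (int i = 0; i < o->n; i++)
        free(o->list[i]);
    o->n = 0;
}

/* Driver unbind (rmmod or hot-unplug): the devres group is released at once. */
static void model_device_unbind(struct model_device *dev)
{
    dev->bound = false;
    model_release_all(&dev->devres);
}

/* drm_dev_put() analogue: drmm resources go away only with the last reference. */
static void model_drm_dev_put(struct model_drm_device *drm)
{
    if (--drm->refcount == 0)
        model_release_all(&drm->drmm);
}

/* Scenario: the driver is unbound while an open DRM file descriptor still holds
 * a reference to the drm_device, and an ioctl then dereferences the CRTC object.
 * Returns true when the CRTC is still valid at that point, false when the
 * access would be a use-after-free. */
static bool model_crtc_valid_after_unbind(bool use_drmm)
{
    struct model_device dev = { .bound = true };
    struct model_drm_device drm = { .refcount = 2 };   /* driver ref + open fd */
    struct model_alloc *crtc = use_drmm ? model_drmm_alloc(&drm, "crtc")
                                        : model_devm_kzalloc(&dev, "crtc");

    model_device_unbind(&dev);      /* devres released here */
    model_drm_dev_put(&drm);        /* driver drops its reference; fd keeps one */
    bool valid = !crtc->freed;      /* the ioctl handler touches crtc now */
    model_drm_dev_put(&drm);        /* fd closes: last reference, drmm released */

    model_free_all(&dev.devres);
    model_free_all(&drm.drmm);
    return valid;
}

int main(void)
{
    printf("devm_kzalloc-backed crtc valid after unbind: %s\n",
           model_crtc_valid_after_unbind(false) ? "yes" : "no (use-after-free)");
    printf("drmm-backed crtc valid after unbind:         %s\n",
           model_crtc_valid_after_unbind(true) ? "yes" : "no (use-after-free)");
    return 0;
}
```

The only difference between the two runs is which owner the CRTC allocation is attached to; the unbind and reference-drop sequence is identical. That is the whole point of the fix: tying the object's storage to the `drm_device` makes its lifetime match the lifetime of whoever can still reach it.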