PT-2025-18446 · Linux+6 · Linux Kernel+6
Published
2025-03-27
·
Updated
2026-05-26
·
CVE-2025-37765
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.14.0-rc4
Description
A general protection fault occurs in the Linux kernel due to a dangling pointer dereference in the ttm bo delayed delete function. This issue arises from the drm prime gem destroy function releasing a reference to a shared dma buf, leading to its destruction and subsequently causing a general protection fault when the dangling pointer is dereferenced. The estimated number of potentially affected devices is not provided.
Recommendations
To resolve this issue, move the drm prime gem destroy call from nouveau gem object del to nouveau bo del ttm, ensuring it runs after ttm bo delayed delete. This change prevents the premature destruction of the dma buf and the resulting general protection fault.
Note: The provided information does not specify the exact version where this issue is fixed, only that it is resolved in versions after 6.14.0-rc4.
Exploit
Fix
DoS
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu