CVE-2025-38596

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The Linux kernel contains a use-after-free issue within the panthor gem create with handle() function related to debugfs code. The vulnerability occurs because an object may be released via drm gem object put() before it is fully constructed, leading to a potential use-after-free condition. The debugfs tracking mechanism uses a separate lock and list, along with a flag to indicate object initialization. The fix simplifies the process by adding the object to debugfs only when it is fully initialized, removing the separate flag and leveraging existing checks in panthor gem debugfs bo rm() to handle error path cleanup.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.