PT-2025-51594 · Linux+3 · Linux Kernel+3

Published

2025-10-18

Updated

2026-02-24

CVE-2025-68181

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains an issue within the DRM/radeon driver related to the incorrect handling of device resource management. Specifically, calls to drm put dev() persist in the probe error and device removal paths despite the driver's main structure allocation being changed to devm drm dev alloc(), which should handle freeing resources via devres. This results in a double-free scenario, leading to warnings such as 'refcount t: underflow; use-after-free' when the driver fails to probe. The issue stems from devres attempting to call drm put dev() after the driver has already done so.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2026-03148

CVE-2025-68181

OPENSUSE-SU-2026:20145-1

SUSE-SU-2026:0278-1

SUSE-SU-2026:0281-1

SUSE-SU-2026:0315-1

SUSE-SU-2026:20207-1

SUSE-SU-2026:20220-1

SUSE-SU-2026:20228-1

USN-8029-1

USN-8029-2

USN-8029-3

USN-8030-1

USN-8048-1

Affected Products

Debian

Linuxmint

Linux Kernel

Ubuntu

PT-2025-51594 · Linux+3 · Linux Kernel+3

CVE-2025-68181

Weakness Enumeration

Related Identifiers

Affected Products

References · 1353