CVE-2025-68735

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/panthor: Prevent potential UAF in group creation<br /> <br /> This commit prevents the possibility of a use after free issue in the<br /> GROUP_CREATE ioctl function, which arose as pointer to the group is<br /> accessed in that ioctl function after storing it in the Xarray.<br /> A malicious userspace can second guess the handle of a group and try<br /> to call GROUP_DESTROY ioctl from another thread around the same time<br /> as GROUP_CREATE ioctl.<br /> <br /> To prevent the use after free exploit, this commit uses a mark on an<br /> entry of group pool Xarray which is added just before returning from<br /> the GROUP_CREATE ioctl function. The mark is checked for all ioctls<br /> that specify the group handle and so userspace won&amp;#39;t be abe to delete<br /> a group that isn&amp;#39;t marked yet.<br /> <br /> v2: Add R-bs and fixes tags