CVE-2025-38187
Gravedad:
Pendiente de análisis
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
04/07/2025
Última modificación:
04/07/2025
Descripción
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
drm/nouveau: fix a use-after-free in r535_gsp_rpc_push()<br />
<br />
The RPC container is released after being passed to r535_gsp_rpc_send().<br />
<br />
When sending the initial fragment of a large RPC and passing the<br />
caller&#39;s RPC container, the container will be freed prematurely. Subsequent<br />
attempts to send remaining fragments will therefore result in a<br />
use-after-free.<br />
<br />
Allocate a temporary RPC container for holding the initial fragment of a<br />
large RPC when sending. Free the caller&#39;s container when all fragments<br />
are successfully sent.<br />
<br />
[ Rebase onto Blackwell changes. - Danilo ]