CVE-2025-40096
Gravedad:
Pendiente de análisis
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
30/10/2025
Última modificación:
30/10/2025
Descripción
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies<br />
<br />
When adding dependencies with drm_sched_job_add_dependency(), that<br />
function consumes the fence reference both on success and failure, so in<br />
the latter case the dma_fence_put() on the error path (xarray failed to<br />
expand) is a double free.<br />
<br />
Interestingly this bug appears to have been present ever since<br />
commit ebd5f74255b9 ("drm/sched: Add dependency tracking"), since the code<br />
back then looked like this:<br />
<br />
drm_sched_job_add_implicit_dependencies():<br />
...<br />
for (i = 0; i
Impacto
Referencias a soluciones, herramientas e información
- https://git.kernel.org/stable/c/4c38a63ae12ecc9370a7678077bde2d61aa80e9c
- https://git.kernel.org/stable/c/57239762aa90ad768dac055021f27705dae73344
- https://git.kernel.org/stable/c/5801e65206b065b0b2af032f7f1eef222aa2fd83
- https://git.kernel.org/stable/c/e5e3eb2aff92994ee81ce633f1c4e73bd4b87e11
- https://git.kernel.org/stable/c/fdfb47e85af1e11ec822c82739dde2dd8dff5115