Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

017 - Ir a la línea de ayuda en Ciberseguridad    Ir a Agenda     Ir a Sala de prensa     Ir a suscripción de boletines

Ir al buscador

CVE-2025-68189

Gravedad:
Pendiente de análisis
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
16/12/2025
Última modificación:
18/12/2025

Descripción

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/msm: Fix GEM free for imported dma-bufs<br /> <br /> Imported dma-bufs also have obj-&gt;resv != &amp;obj-&gt;_resv. So we should<br /> check both this condition in addition to flags for handling the<br /> _NO_SHARE case.<br /> <br /> Fixes this splat that was reported with IRIS video playback:<br /> <br /> ------------[ cut here ]------------<br /> WARNING: CPU: 3 PID: 2040 at drivers/gpu/drm/msm/msm_gem.c:1127 msm_gem_free_object+0x1f8/0x264 [msm]<br /> CPU: 3 UID: 1000 PID: 2040 Comm: .gnome-shell-wr Not tainted 6.17.0-rc7 #1 PREEMPT<br /> pstate: 81400005 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)<br /> pc : msm_gem_free_object+0x1f8/0x264 [msm]<br /> lr : msm_gem_free_object+0x138/0x264 [msm]<br /> sp : ffff800092a1bb30<br /> x29: ffff800092a1bb80 x28: ffff800092a1bce8 x27: ffffbc702dbdbe08<br /> x26: 0000000000000008 x25: 0000000000000009 x24: 00000000000000a6<br /> x23: ffff00083c72f850 x22: ffff00083c72f868 x21: ffff00087e69f200<br /> x20: ffff00087e69f330 x19: ffff00084d157ae0 x18: 0000000000000000<br /> x17: 0000000000000000 x16: ffffbc704bd46b80 x15: 0000ffffd0959540<br /> x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000<br /> x11: ffffbc702e6cdb48 x10: 0000000000000000 x9 : 000000000000003f<br /> x8 : ffff800092a1ba90 x7 : 0000000000000000 x6 : 0000000000000020<br /> x5 : ffffbc704bd46c40 x4 : fffffdffe102cf60 x3 : 0000000000400032<br /> x2 : 0000000000020000 x1 : ffff00087e6978e8 x0 : ffff00087e6977e8<br /> Call trace:<br /> msm_gem_free_object+0x1f8/0x264 [msm] (P)<br /> drm_gem_object_free+0x1c/0x30 [drm]<br /> drm_gem_object_handle_put_unlocked+0x138/0x150 [drm]<br /> drm_gem_object_release_handle+0x5c/0xcc [drm]<br /> drm_gem_handle_delete+0x68/0xbc [drm]<br /> drm_gem_close_ioctl+0x34/0x40 [drm]<br /> drm_ioctl_kernel+0xc0/0x130 [drm]<br /> drm_ioctl+0x360/0x4e0 [drm]<br /> __arm64_sys_ioctl+0xac/0x104<br /> invoke_syscall+0x48/0x104<br /> el0_svc_common.constprop.0+0x40/0xe0<br /> do_el0_svc+0x1c/0x28<br /> el0_svc+0x34/0xec<br /> el0t_64_sync_handler+0xa0/0xe4<br /> el0t_64_sync+0x198/0x19c<br /> ---[ end trace 0000000000000000 ]---<br /> ------------[ cut here ]------------<br /> <br /> Patchwork: https://patchwork.freedesktop.org/patch/676273/

Impacto

Referencias a soluciones, herramientas e información