Primary

Context

Linux Kernel UAF Vulnerability in DRM/xe Tracing

Vulnerability

Patched

A use-after-free vulnerability has been identified in the Linux kernel's Direct Rendering Manager (DRM) Xe tracing component. This issue arises from the xe_bo_move trace event, where the xe_mem_type_to_name array is improperly dereferenced during TP_printk formatting, creating potential memory safety risks. The vulnerability affects Linux kernel versions prior to 6.10, and explicit backporting may be necessary for older kernels.

Impact

Exploitation of this vulnerability could lead to memory corruption issues, allowing for use-after-free scenarios that could be exploited to execute arbitrary code or cause a denial-of-service condition.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel UAF Vulnerability in DRM/xe Tracing

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating