Linux Kernel DRM Subsystem Use-After-Free Vulnerability in ADV7511 Driver

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's DRM subsystem, specifically within the ADV7511 driver. The issue arises in the 'adv7533_attach_dsi()' function, which improperly uses a pointer that has already been freed. This vulnerability was introduced when the 'host_node' pointer was assigned and then released in the 'adv7533_parse_dt()' function. The problem is resolved by removing the 'of_node_put()' call in 'adv7533_parse_dt()' and instead placing it in the error handling path of the 'probe()' function and the 'remove()' function.

Impact

Exploitation of this vulnerability could lead to a use-after-free condition, potentially allowing for memory corruption or arbitrary code execution.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel DRM Subsystem Use-After-Free Vulnerability in ADV7511 Driver

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating