Linux Kernel Panthor DRM Garbage Value Vulnerability in Device Query IOCTL

Vulnerability

A vulnerability in the Linux kernel's Panthor Direct Rendering Manager (DRM) module has been addressed. The issue arose in the 'panthor_ioctl_dev_query()' function, where the 'priorities_info' variable was uninitialized. This uninitialized value was inadvertently copied to a user object during the execution of 'PANTHOR_UOBJ_SET()', leading to the potential exposure of garbage values. The vulnerability has been resolved by initializing 'priorities_info' with memset to eliminate the issue of uninitialized data.

Impact

The vulnerability could have allowed user-space applications to receive uninitialized, and potentially sensitive, data from the kernel, leading to undefined behavior or exploitation opportunities.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Panthor DRM Garbage Value Vulnerability in Device Query IOCTL

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating