Linux Kernel Local Use-After-Free Vulnerability in DRM Subsystem

Vulnerability

A use-after-free vulnerability has been addressed in the Linux kernel's Direct Rendering Manager (DRM) subsystem, specifically within the XE driver. The issue arose in the error handling path of the 'xe_migrate_clear' function, where the code improperly waited on a potentially unstable, locally-generated fence. This mismanagement could lead to a use-after-free condition. The vulnerability has been resolved by modifying the code to correctly wait on the local fence.

Impact

Exploitation of this vulnerability could lead to a use-after-free condition, potentially allowing for memory corruption or arbitrary code execution.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Local Use-After-Free Vulnerability in DRM Subsystem

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating