Volerion logoVolerion
Volerion logoVolerion

Linux Kernel Use-After-Free Vulnerability in DRM XE OA Config IOCTL

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's Direct Rendering Manager (DRM) XE component, specifically within the 'xe_oa_add_config_ioctl' function. The issue arises because the function accesses the 'oa_config->id' after releasing the 'metrics_lock', which is crucial for managing the lifetime of 'oa_config'. This timing flaw could allow an attacker to predict the 'id' and invoke 'xe_oa_remove_config_ioctl' to free 'oa_config' before it is accessed, leading to a potential use-after-free condition. The vulnerability affects Linux kernel versions 6.11 and later.

Impact

Exploitation of this vulnerability could lead to a use-after-free condition, which may be exploited to execute arbitrary code or cause a denial-of-service by crashing the system.

Remediation

Users can upgrade to the latest version of the Linux kernel to address this vulnerability. The patched version is available in the Linux stable tree.

Added: Jan 13, 2026, 4:33 PM
Updated: Jan 13, 2026, 4:33 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
3.5
remediation
7.7
relevance
2.0
threat
3.2
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.