Use-After-Free Vulnerability in Linux Kernel's DRM Subsystem
CVE-2025-39740

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 11 September 2025

What is CVE-2025-39740?

A use-after-free vulnerability has been identified in the Linux kernel's Direct Rendering Manager (DRM) subsystem that could lead to memory corruption. Specifically, if the error path is triggered, previously allocated memory may be dereferenced after it has been freed, causing unexpected behavior or crashes. The issue has been addressed by modifying the flow so that proper reference counting is maintained, which prevents the unsafe memory access.

Affected Version(s)

Linux 270172f64b114451876c1b68912653e72ab99f38 < 7e46fa64a4b94208563c3a5bf1d7f4346f94abea

Linux 270172f64b114451876c1b68912653e72ab99f38 < 145832fbdd17b1d77ffd6cdd1642259e101d1b7e

Linux 6.16

Timeline

  • Vulnerability published

  • Vulnerability Reserved
