Use-After-Free Vulnerability in MediaTek DRM Component for Linux Kernel
CVE-2025-39882
Currently unrated
What is CVE-2025-39882?
A vulnerability exists in the MediaTek DRM component of the Linux kernel where improper reference counting can lead to a use-after-free condition. The for_each_child_of_node() iterator already drops a reference for each node as it iterates over child nodes. A recently introduced additional reference count decrement is therefore erroneous: it unbalances the node's reference count, so the node can be freed while it is still in use. The corrective measure is to remove the erroneous decrement, which restores correct reference counting and system stability.
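The reference-count imbalance described above, modelled in userspace C as an added example; it is not the kernel's code or the actual patch. `struct node`, `next_child()` and `for_each_child()` are hypothetical, simplified stand-ins for the kernel's node type and iterator, and the three-child tree is constructed.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed userspace model of a refcounted device-tree node; not kernel code. */
struct node {
    int refcount;           /* 1 = only the tree itself holds a reference */
    struct node *sibling;
};

static struct node *node_get(struct node *n) { if (n) n->refcount++; return n; }
static void node_put(struct node *n) { if (n) n->refcount--; }

/* Hypothetical helper: take a reference on the next child, drop the one on prev. */
static struct node *next_child(struct node *first, struct node *prev)
{
    struct node *next = node_get(prev ? prev->sibling : first);
    node_put(prev);
    return next;
}

/* Simplified stand-in for for_each_child_of_node(): the iterator owns the put. */
#define for_each_child(first, c) \
    for ((c) = next_child((first), NULL); (c); (c) = next_child((first), (c)))

/* Walk three children; return the lowest refcount left on any of them. */
static int min_refcount_after_walk(int extra_put)
{
    struct node kids[3] = { {1, &kids[1]}, {1, &kids[2]}, {1, NULL} };
    struct node *c;
    int i, min;

    for_each_child(&kids[0], c) {
        if (extra_put)
            node_put(c);    /* the erroneous additional decrement */
    }
    min = kids[0].refcount;
    for (i = 1; i < 3; i++)
        if (kids[i].refcount < min)
            min = kids[i].refcount;
    return min;
}

int main(void)
{
    printf("balanced loop:  min refcount = %d\n", min_refcount_after_walk(0));
    printf("extra put loop: min refcount = %d\n", min_refcount_after_walk(1));
    return 0;
}
```

In the model nothing is freed, so the count simply reaches 0 on nodes the tree still links to; in a real refcounted object that is the point where the memory is released while a pointer to it remains.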
Affected Version(s)
Linux 7d98166183d627c0b9daca7672b2191fae0f8a03
Linux 31ce7c089b50c3d3056c37e0e25e7535e4428ae1
Linux fae58d0155a979a8c414bbc12db09dd4b2f910d0