Device Use-After-Free Vulnerability in Mediatek DRM Driver for Linux Kernel
CVE-2025-40316

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 8 December 2025

What is CVE-2025-40316?

A vulnerability exists in the Mediatek DRM (Direct Rendering Manager) driver within the Linux kernel, identified as a device use-after-free issue. This flaw arises due to a reference imbalance caused when the driver attempts to unbind, particularly when a previous fix did not adequately address reference management during the component driver binding process. As a result, if errors occur during binding and unbinding, this could permit unauthorized access or modification of freed memory, posing significant risks to system stability and security.

Affected Version(s)

Linux 7d98166183d627c0b9daca7672b2191fae0f8a03

Linux 31ce7c089b50c3d3056c37e0e25e7535e4428ae1 < 0142fe895986addf35885b43440718e567121155

Linux 1f403699c40f0806a707a9a6eed3b8904224021a < 8ba827e09eb586e952d10e39406fa02d10bb591e

References

https://git.kernel.org/stable/c/a5a896f8315de358a2932e2c2...

https://git.kernel.org/stable/c/0142fe895986addf35885b434...

https://git.kernel.org/stable/c/8ba827e09eb586e952d10e394...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 8, 2025
Vulnerability Reserved
Apr 16, 2025

JSON