CVE-2025-68170

CVE-2025-68170: Linux kernel drm/radeon driver vulnerability due to improper deallocation of a rdev object. Root cause: after switching to devm_drm_dev_alloc(), rdev is managed by devres and must not be freed with kfree(). The patch prevents kfree() on the devres-managed rdev, avoiding a double-f...

CVE-2025-68170 drm/radeon: Do not kfree() devres managed rdev

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Do not kfree devres managed rdev Since the allocation of the drivers main structure was changed to devmdrmdevalloc rdev is managed by devres and we shouldn't be calling kfree on it. This fixes things exploding if the...

PT-2025-51583

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the DRM/Radeon driver where the rdev structure, managed by devres, was incorrectly being freed using kfree. This occurred because the allocation metho...

Linux Distros Unpatched Vulnerability : CVE-2025-68170

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/radeon: Do not kfree devres managed rdev Since the allocation of the drivers main structure was changed to devmdrmdevalloc rdev is managed by devres and we...

PT-2025-51594

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue within the DRM/radeon driver related to the incorrect handling of device resource management. Specifically, calls to drm put dev persist in the probe...

SUSE CVE-2023-53851

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: Drop aux devices together with DP controller Using devres to depopulate the aux bus made sure that upon a probe deferral the EDP panel device would be destroyed and recreated upon next attempt. But the struct device...

Linux Distros Unpatched Vulnerability : CVE-2023-53851

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/msm/dp: Drop aux devices together with DP controller Using devres to depopulate the aux bus made sure that upon a probe deferral the EDP panel device would ...

kernel: scsi: ufs: core: Fix use-after free in init error and remove paths

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix use-after free in init error and remove paths devmblkcryptoprofileinit registers a cleanup handler to run when the associated platform- device is being released. For UFS, the crypto private data and pointers...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989036)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989036 advisory. In the Linux kernel, the following vulnerability has been resolved: net: dsa: ar9331: register the mdiobus under devres As explained in commits: 74b6d7d13307 net: ds...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989805)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989805 advisory. In the Linux kernel, the following vulnerability has been resolved: net: dsa: lantiqgswip: don't use devres for mdiobus As explained in commits: 74b6d7d13307 net: ds...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988852)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988852 advisory. In the Linux kernel, the following vulnerability has been resolved: net: dsa: felix: don't use devres for mdiobus As explained in commits: 74b6d7d13307 net: dsa:...

SUSE CVE-2025-40037

In the Linux kernel, the following vulnerability has been resolved: fbdev: simplefb: Fix use after free in simplefbdetachgenpds The pmdomain cleanup can not be devres managed as it uses struct simplefbpar which is allocated within struct fbinfo by framebufferalloc. This allocation is explicitly...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Use After Free (CVE-2024-43871)

In the Linux kernel, the following vulnerability has been resolved: devres: Fix memory leakage caused by driver API devmfreepercpu It will cause memory leakage when use driver API devmfreepercpu to free memory allocated by devmallocpercpu, fixed by using devresrelease instead of devresdestroy...

CVE-2025-40037 fbdev: simplefb: Fix use after free in simplefb_detach_genpds()

In the Linux kernel, the following vulnerability has been resolved: fbdev: simplefb: Fix use after free in simplefbdetachgenpds The pmdomain cleanup can not be devres managed as it uses struct simplefbpar which is allocated within struct fbinfo by framebufferalloc. This allocation is explicitly...

EUVD-2025-36491

In the Linux kernel, the following vulnerability has been resolved: fbdev: simplefb: Fix use after free in simplefbdetachgenpds The pmdomain cleanup can not be devres managed as it uses struct simplefbpar which is allocated within struct fbinfo by framebufferalloc. This allocation is explicitly...

Siemens SIMATIC Devices Allocation of Resources Without Limits or Throttling (CVE-2024-43856)

In the Linux kernel, the following vulnerability has been resolved: dma: fix call order in dmamfreecoherent dmamfreecoherent frees a DMA allocation, which makes the freed vaddr available for reuse, then calls devresdestroy to remove and free the data structure used to track the DMA allocation...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987526)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987526 advisory. In the Linux kernel, the following vulnerability has been resolved: net: dsa: felix: don't use devres for mdiobus As explained in commits: 74b6d7d13307 net: dsa:...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987515)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987515 advisory. In the Linux kernel, the following vulnerability has been resolved: net: dsa: bcmsf2: don't use devres for mdiobus As explained in commits: 74b6d7d13307 net: dsa:...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987547)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987547 advisory. In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: don't use devres for mdiobus As explained in commits: 74b6d7d13307 net: dsa:...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987561)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987561 advisory. In the Linux kernel, the following vulnerability has been resolved: net: dsa: ar9331: register the mdiobus under devres As explained in commits: 74b6d7d13307 net: ds...