CVE-2025-40037
CVE-2025-40037 is a Linux kernel use-after-free in the fbdev/simplefb path. The issue arises during device removal when pm_domain cleanup uses a struct simplefb_par allocated inside struct fb_info by framebuffer_alloc(); it was previously freed by unregister_framebuffer(), but devres cleanup runs...