CVE-2025-38187

EUVD-2025-20069
In the Linux kernel, the following vulnerability has been resolved:

drm/nouveau: fix a use-after-free in r535_gsp_rpc_push()

The RPC container is released after being passed to r535_gsp_rpc_send().

When sending the initial fragment of a large RPC and passing the
caller's RPC container, the container will be freed prematurely. Subsequent
attempts to send remaining fragments will therefore result in a
use-after-free.

Allocate a temporary RPC container for holding the initial fragment of a
large RPC when sending. Free the caller's container when all fragments
are successfully sent.

[ Rebase onto Blackwell changes. - Danilo ]
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
6.7 ≤
𝑥
< 6.15.4
linuxlinux_kernel
6.16:rc1
linuxlinux_kernel
6.16:rc2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.170-3
fixed
bookworm (security)
6.1.172-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.251-5
fixed
forky
7.0.7-1
fixed
sid
7.0.7-1
fixed
trixie
vulnerable
trixie (security)
vulnerable
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
kernel-64kb
suse enterprise desktop 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.11.1
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.11.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.11.1
fixed
kernel-azure
suse enterprise sap 15 SP6
6.4.0-150600.8.48.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.20.11.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.8.48.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.20.11.1
fixed
kernel-default
suse enterprise desktop 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.11.1
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.11.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.11.1
fixed
kernel-default-base
suse enterprise desktop 15 SP6
6.4.0-150600.23.65.1.150600.12.28.4
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.11.1.150700.17.9.4
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.65.1.150600.12.28.4
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.11.1.150700.17.9.4
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.65.1.150600.12.28.4
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.11.1.150700.17.9.4
fixed
kernel-docs
suse enterprise desktop 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.11.3
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.11.3
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.11.3
fixed
kernel-macros
suse enterprise desktop 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.11.1
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.11.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.11.1
fixed
kernel-obs-build
suse enterprise desktop 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.11.1
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.11.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.11.1
fixed
kernel-source
suse enterprise desktop 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.11.1
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.11.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.11.1
fixed
kernel-source-azure
suse enterprise sap 15 SP6
6.4.0-150600.8.48.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.20.11.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.8.48.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.20.11.1
fixed
kernel-syms
suse enterprise desktop 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.11.1
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.11.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.11.1
fixed
kernel-syms-azure
suse enterprise sap 15 SP6
6.4.0-150600.8.48.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.20.11.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.8.48.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.20.11.1
fixed
kernel-zfcpdump
suse enterprise desktop 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.11.1
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.11.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.11.1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/9802f0a63b641f4cddb2139c814c2e95cb825099
https://git.kernel.org/stable/c/cd4677407c0ee250fc21e36439c8a442ddd62cc1