CVE-2025-40316

08.12.2025, 01:16

In the Linux kernel, the following vulnerability has been resolved:

drm/mediatek: Fix device use-after-free on unbind

A recent change fixed device reference leaks when looking up drm
platform device driver data during bind() but failed to remove a partial
fix which had been added by commit 80805b62ea5b ("drm/mediatek: Fix
kobject put for component sub-drivers").

This results in a reference imbalance on component bind() failures and
on unbind() which could lead to a user-after-free.

Make sure to only drop the references after retrieving the driver data
by effectively reverting the previous partial fix.

Note that holding a reference to a device does not prevent its driver
data from going away so there is no point in keeping the reference.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service
Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder weitere, nicht spezifizierte Auswirkungen zu erlangen.
Published: 2025-12-07T23:00:00+00:00

References

https://git.kernel.org/stable/c/0142fe895986addf35885b43440718e567121155

https://git.kernel.org/stable/c/8ba827e09eb586e952d10e39406fa02d10bb591e

https://git.kernel.org/stable/c/926d002e6d7e2f1fd5c1b53cf6208153ee7d380d

https://git.kernel.org/stable/c/a5a896f8315de358a2932e2c23c42d550256046a