CVE-2025-22097

drm/vkms: Fix use after free and double free on init error

Description

In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix use after free and double free on init error If the driver initialization fails, the vkms_exit() function might access an uninitialized or freed default_config pointer and it might double free it. Fix both possible errors by initializing default_config only when the driver initialization succeeded.

References

Link	Tags
https://git.kernel.org/stable/c/49a69f67f53518bdd9b7eeebf019a2da6cc0e954	patch
https://git.kernel.org/stable/c/79d138d137b80eeb0a83244d1cff29e64cf91067	patch
https://git.kernel.org/stable/c/561fc0c5cf41f646f3e9e61784cbc0fc832fb936	patch
https://git.kernel.org/stable/c/d5eb8e347905ab17788a7903fa1d3d06747355f5	patch
https://git.kernel.org/stable/c/b8a18bb53e06d6d3c1fd03d12533d6e333ba8853	patch
https://git.kernel.org/stable/c/1f68f1cf09d06061eb549726ff8339e064eddebd	patch
https://git.kernel.org/stable/c/ed15511a773df86205bda66c37193569575ae828	patch

Frequently Asked Questions

What is the severity of CVE-2025-22097?: CVE-2025-22097 has been scored as a high severity vulnerability.
How to fix CVE-2025-22097?: To fix CVE-2025-22097, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-22097 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2025-22097 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-22097?: CVE-2025-22097 affects Linux Linux, Linux Linux.

Description

Category

CWE-416 – Use After Free

References

Frequently Asked Questions