CVE-2025-21843

Published: Mar 7, 2025Modified: Oct 1, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: avoid garbage value in panthor_ioctl_dev_query() 'priorities_info' is uninitialized, and the uninitialized value is copied to user object when calling PANTHOR_UOBJ_SET(). Using memset to initialize 'priorities_info' to avoid this garbage value problem.

Affected (3)

Products: Linux: Linux Kernel

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 6.13 to 6.13.4
Linux Linux Kernel	Version 6.14 rc1
Linux Linux Kernel	Version 6.14 rc2

Related CWEs

Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

References (2)

https://git.kernel.org/stable/c/3b32b7f638fe61e9d29290960172f4e360e38233

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/64b95bbc08bacf3e4b05c8604e6a4fec43bb712a

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

Timeline

No history available yet.