CVE-2025-38187

UNKNOWN 0.0

drm/nouveau: fix a use-after-free in r535_gsp_rpc_push()

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() The RPC container is released after being passed to r535_gsp_rpc_send(). When sending the initial fragment of a large RPC and passing the caller's RPC container, the container will be freed prematurely. Subsequent attempts to send remaining fragments will therefore result in a use-after-free. Allocate a temporary RPC container for holding the initial fragment of a large RPC when sending. Free the caller's container when all fragments are successfully sent. [ Rebase onto Blackwell changes. - Danilo ]

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Jul 4, 2025
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

176fdcbddfd288408ce8571c1760ad618d962096 < cd4677407c0ee250fc21e36439c8a442ddd62cc1 176fdcbddfd288408ce8571c1760ad618d962096 < 9802f0a63b641f4cddb2139c814c2e95cb825099

Linux / Linux

6.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/cd4677407c0ee250fc21e36439c8a442ddd62cc1 git.kernel.org: https://git.kernel.org/stable/c/9802f0a63b641f4cddb2139c814c2e95cb825099