DEBIAN-CVE-2025-71099
In the Linux kernel, the following vulnerability has been resolved:

drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl()

In xe_oa_add_config_ioctl(), we accessed oa_config->id after dropping metrics_lock. Since this lock protects the lifetime of oa_config, an attacker could guess the id and call xe_oa_remove_config_ioctl() with perfect timing, freeing oa_config before we dereference it, leading to a potential use-after-free.

Fix this by caching the id in a local variable while holding the lock.

v2: (Matt A)
- Dropped mutex_unlock(&oa->metrics_lock) ordering change from xe_oa_remove_config_ioctl()

(cherry picked from commit 28aeaed130e8e587fd1b73b6d66ca41ccc5a1a31)
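The fix pattern described above, as an added userspace sketch that is not the xe driver's code: an object's lifetime is tied to a lock, so any field needed after the unlock is copied out while the lock is still held. The pthread mutex stands in for the kernel mutex, and `add_config()`, `remove_config()` and the `configs` table are hypothetical names chosen for the illustration.

```c
/* Added illustration: userspace model of the pattern, not xe driver code. */
#include <pthread.h>
#include <stdlib.h>

#define MAX_CONFIGS 8
struct oa_config { int id; };  /* hypothetical stand-in for the driver object */

static pthread_mutex_t metrics_lock = PTHREAD_MUTEX_INITIALIZER;
static struct oa_config *configs[MAX_CONFIGS];  /* slot i holds id i + 1 */

/* Publish a config under the lock and return its id, or -1 on failure. */
int add_config(void)
{
    struct oa_config *cfg = malloc(sizeof(*cfg));
    int id = -1;
    if (!cfg)
        return -1;
    pthread_mutex_lock(&metrics_lock);
    for (int i = 0; i < MAX_CONFIGS && id < 0; i++) {
        if (!configs[i]) {
            cfg->id = i + 1;
            configs[i] = cfg;  /* now reachable by remove_config() */
            id = cfg->id;      /* cached while the lock still pins cfg */
        }
    }
    pthread_mutex_unlock(&metrics_lock);
    if (id < 0)
        free(cfg);             /* table full: never published, still ours */
    /* Buggy shape: `return cfg->id;` here. After the unlock a concurrent
     * remove_config() with the same id may already have freed cfg. */
    return id;
}

/* Unpublish and free a config by id; 0 on success, -1 if the id is unknown. */
int remove_config(int id)
{
    struct oa_config *cfg;

    if (id < 1 || id > MAX_CONFIGS)
        return -1;
    pthread_mutex_lock(&metrics_lock);
    cfg = configs[id - 1];
    configs[id - 1] = NULL;
    pthread_mutex_unlock(&metrics_lock);
    if (!cfg)
        return -1;
    free(cfg);
    return 0;
}
```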
References
https://security-tracker.debian.org/tracker/CVE-2025-71099
