CVE-2025-38187

ADVISORY - nist

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/nouveau: fix a use-after-free in r535_gsp_rpc_push()

The RPC container is released after being passed to r535_gsp_rpc_send().

When sending the initial fragment of a large RPC and passing the caller's RPC container, the container will be freed prematurely. Subsequent attempts to send remaining fragments will therefore result in a use-after-free.

Allocate a temporary RPC container for holding the initial fragment of a large RPC when sending. Free the caller's container when all fragments are successfully sent.

[ Rebase onto Blackwell changes. - Danilo ]

EPSS Score: 0.00145 (0.041)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Use After Free


Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in