{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-68189", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-16T13:41:40.253Z", "datePublished": "2025-12-16T13:43:11.507Z", "dateUpdated": "2026-05-11T21:48:22.985Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:48:22.985Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Fix GEM free for imported dma-bufs\n\nImported dma-bufs also have obj->resv != &obj->_resv. So we should\ncheck both this condition in addition to flags for handling the\n_NO_SHARE case.\n\nFixes this splat that was reported with IRIS video playback:\n\n ------------[ cut here ]------------\n WARNING: CPU: 3 PID: 2040 at drivers/gpu/drm/msm/msm_gem.c:1127 msm_gem_free_object+0x1f8/0x264 [msm]\n CPU: 3 UID: 1000 PID: 2040 Comm: .gnome-shell-wr Not tainted 6.17.0-rc7 #1 PREEMPT\n pstate: 81400005 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n pc : msm_gem_free_object+0x1f8/0x264 [msm]\n lr : msm_gem_free_object+0x138/0x264 [msm]\n sp : ffff800092a1bb30\n x29: ffff800092a1bb80 x28: ffff800092a1bce8 x27: ffffbc702dbdbe08\n x26: 0000000000000008 x25: 0000000000000009 x24: 00000000000000a6\n x23: ffff00083c72f850 x22: ffff00083c72f868 x21: ffff00087e69f200\n x20: ffff00087e69f330 x19: ffff00084d157ae0 x18: 0000000000000000\n x17: 0000000000000000 x16: ffffbc704bd46b80 x15: 0000ffffd0959540\n x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n x11: ffffbc702e6cdb48 x10: 0000000000000000 x9 : 000000000000003f\n x8 : ffff800092a1ba90 x7 : 0000000000000000 x6 : 0000000000000020\n x5 : ffffbc704bd46c40 x4 : fffffdffe102cf60 x3 : 0000000000400032\n x2 : 0000000000020000 x1 : ffff00087e6978e8 x0 : ffff00087e6977e8\n Call trace:\n msm_gem_free_object+0x1f8/0x264 [msm] (P)\n drm_gem_object_free+0x1c/0x30 [drm]\n drm_gem_object_handle_put_unlocked+0x138/0x150 [drm]\n drm_gem_object_release_handle+0x5c/0xcc [drm]\n drm_gem_handle_delete+0x68/0xbc [drm]\n drm_gem_close_ioctl+0x34/0x40 [drm]\n drm_ioctl_kernel+0xc0/0x130 [drm]\n drm_ioctl+0x360/0x4e0 [drm]\n __arm64_sys_ioctl+0xac/0x104\n invoke_syscall+0x48/0x104\n el0_svc_common.constprop.0+0x40/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x34/0xec\n el0t_64_sync_handler+0xa0/0xe4\n el0t_64_sync+0x198/0x19c\n ---[ end trace 0000000000000000 ]---\n ------------[ cut here ]------------\n\nPatchwork: https://patchwork.freedesktop.org/patch/676273/"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/msm/msm_gem.c"], "versions": [{"version": "de651b6e040ba419418a37401e45d24f133e8a59", "lessThan": "9674c4cb2fe62727a2e4d3f66065ab949dfa61be", "status": "affected", "versionType": "git"}, {"version": "de651b6e040ba419418a37401e45d24f133e8a59", "lessThan": "c34e08ba6c0037a72a7433741225b020c989e4ae", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/msm/msm_gem.c"], "versions": [{"version": "6.17", "status": "affected"}, {"version": "0", "lessThan": "6.17", "status": "unaffected", "versionType": "semver"}, {"version": "6.17.8", "lessThanOrEqual": "6.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.17", "versionEndExcluding": "6.17.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.17", "versionEndExcluding": "6.18"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/9674c4cb2fe62727a2e4d3f66065ab949dfa61be"}, {"url": "https://git.kernel.org/stable/c/c34e08ba6c0037a72a7433741225b020c989e4ae"}], "title": "drm/msm: Fix GEM free for imported dma-bufs", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Fix GEM free for imported dma-bufs\n\nImported dma-bufs also have obj->resv != &obj->_resv. So we should\ncheck both this condition in addition to flags for handling the\n_NO_SHARE case.\n\nFixes this splat that was reported with IRIS video playback:\n\n ------------[ cut here ]------------\n WARNING: CPU: 3 PID: 2040 at drivers/gpu/drm/msm/msm_gem.c:1127 msm_gem_free_object+0x1f8/0x264 [msm]\n CPU: 3 UID: 1000 PID: 2040 Comm: .gnome-shell-wr Not tainted 6.17.0-rc7 #1 PREEMPT\n pstate: 81400005 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n pc : msm_gem_free_object+0x1f8/0x264 [msm]\n lr : msm_gem_free_object+0x138/0x264 [msm]\n sp : ffff800092a1bb30\n x29: ffff800092a1bb80 x28: ffff800092a1bce8 x27: ffffbc702dbdbe08\n x26: 0000000000000008 x25: 0000000000000009 x24: 00000000000000a6\n x23: ffff00083c72f850 x22: ffff00083c72f868 x21: ffff00087e69f200\n x20: ffff00087e69f330 x19: ffff00084d157ae0 x18: 0000000000000000\n x17: 0000000000000000 x16: ffffbc704bd46b80 x15: 0000ffffd0959540\n x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n x11: ffffbc702e6cdb48 x10: 0000000000000000 x9 : 000000000000003f\n x8 : ffff800092a1ba90 x7 : 0000000000000000 x6 : 0000000000000020\n x5 : ffffbc704bd46c40 x4 : fffffdffe102cf60 x3 : 0000000000400032\n x2 : 0000000000020000 x1 : ffff00087e6978e8 x0 : ffff00087e6977e8\n Call trace:\n msm_gem_free_object+0x1f8/0x264 [msm] (P)\n drm_gem_object_free+0x1c/0x30 [drm]\n drm_gem_object_handle_put_unlocked+0x138/0x150 [drm]\n drm_gem_object_release_handle+0x5c/0xcc [drm]\n drm_gem_handle_delete+0x68/0xbc [drm]\n drm_gem_close_ioctl+0x34/0x40 [drm]\n drm_ioctl_kernel+0xc0/0x130 [drm]\n drm_ioctl+0x360/0x4e0 [drm]\n __arm64_sys_ioctl+0xac/0x104\n invoke_syscall+0x48/0x104\n el0_svc_common.constprop.0+0x40/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x34/0xec\n el0t_64_sync_handler+0xa0/0xe4\n el0t_64_sync+0x198/0x19c\n ---[ end trace 0000000000000000 ]---\n ------------[ cut here ]------------\n\nPatchwork: https://patchwork.freedesktop.org/patch/676273/"}], "id": "CVE-2025-68189", "lastModified": "2026-04-15T00:35:42.020", "metrics": {}, "published": "2025-12-16T14:15:51.567", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9674c4cb2fe62727a2e4d3f66065ab949dfa61be"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c34e08ba6c0037a72a7433741225b020c989e4ae"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Deferred"}

{"bugzilla": {"description": "kernel: drm/msm: Fix GEM free for imported dma-bufs", "id": "2422660", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422660"}, "csaw": false, "details": ["No description is available for this CVE."], "name": "CVE-2025-68189", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-12-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-68189\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-68189\nhttps://lore.kernel.org/linux-cve-announce/2025121634-CVE-2025-68189-c9b6@gregkh/T"]}

{}