CVE-2025-37763 in Linuxinfo

Summary

by MITRE • 05/01/2025

In the Linux kernel, the following vulnerability has been resolved:

drm/imagination: take paired job reference

For paired jobs, have the fragment job take a reference on the geometry job, so that the geometry job cannot be freed until the fragment job has finished with it.

The geometry job structure is accessed when the fragment job is being prepared by the GPU scheduler. Taking the reference prevents the geometry job being freed until the fragment job no longer requires it.

Fixes a use after free bug detected by KASAN:

[ 124.256386] BUG: KASAN: slab-use-after-free in pvr_queue_prepare_job+0x108/0x868 [powervr]
[ 124.264893] Read of size 1 at addr ffff0000084cb960 by task kworker/u16:4/63

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 03/16/2026

The vulnerability CVE-2025-37763 represents a critical use-after-free condition within the Linux kernel's graphics subsystem, specifically affecting the drm/imagination driver component. This flaw manifests in the PowerVR graphics driver implementation where paired geometry and fragment jobs are processed concurrently. The vulnerability stems from improper reference counting mechanisms that fail to maintain proper lifecycle management between dependent GPU job structures. When the GPU scheduler prepares fragment jobs for execution, it accesses the geometry job structure that should remain valid until the fragment job completes its processing. The absence of proper reference tracking creates a window where the geometry job can be prematurely freed while the fragment job still holds references to it, leading to memory corruption and potential system instability.

This security issue directly relates to CWE-416, which describes the use of freed memory condition, and more specifically aligns with CWE-125, the out-of-bounds read vulnerability that occurs when accessing memory beyond the intended bounds. The flaw operates within the context of kernel-level graphics processing where the power management and scheduling subsystems interact with hardware-specific drivers. The KASAN (Kernel Address Sanitizer) detection mechanism identified this issue through a slab-use-after-free error, indicating that memory allocated from kernel slab allocators was accessed after being freed. The error trace shows the problematic access occurring in the pvr_queue_prepare_job function, where a read operation of size one accesses memory address ffff0000084cb960, demonstrating how the fragment job attempts to access memory that has already been deallocated by the geometry job's completion.

The operational impact of this vulnerability extends beyond simple memory corruption, potentially enabling privilege escalation and system compromise through carefully crafted graphics workloads. Attackers could exploit this condition to execute arbitrary code within kernel space, bypassing standard security boundaries and potentially gaining full system control. The vulnerability affects systems utilizing PowerVR graphics hardware through the drm/imagination driver, making it particularly relevant for embedded systems, mobile devices, and gaming platforms that rely on this graphics processing architecture. The timing of the flaw makes it especially dangerous as it occurs during GPU job preparation, a critical phase where the scheduler manages resource allocation and job dependencies. This condition could be triggered through normal graphics rendering operations or more sophisticated attack vectors involving malformed graphics commands or resource exhaustion attacks.

Mitigation strategies for CVE-2025-37763 require immediate patch application to the Linux kernel, specifically targeting the drm/imagination driver component. The fix implements proper reference counting by ensuring that fragment jobs maintain a reference to their corresponding geometry jobs until completion, preventing premature memory deallocation. System administrators should prioritize updating kernel versions to include this patch, particularly in production environments handling graphics-intensive workloads or those with security-sensitive operations. Additional monitoring should focus on KASAN logs and kernel memory allocation patterns to detect potential exploitation attempts. The solution aligns with ATT&CK technique T1068, which covers local privilege escalation through kernel vulnerabilities, and T1547, covering kernel module loading and modification. Organizations should also consider implementing runtime protections such as kernel lockdown modes, memory protection mechanisms, and regular security audits of graphics processing components to prevent exploitation of similar vulnerabilities in the graphics driver stack.

Responsible

Linux

Reservation

04/16/2025

Disclosure

05/01/2025

Moderation

accepted

CPE

ready

EPSS

0.00169

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!