Bug 2422694 (CVE-2025-68228)

Summary: CVE-2025-68228 kernel: drm/plane: Fix create_in_format_blob() return value
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-12-16 14:04:19 UTC 
In the Linux kernel, the following vulnerability has been resolved:

drm/plane: Fix create_in_format_blob() return value

create_in_format_blob() is either supposed to return a valid
pointer or an error, but never NULL. The caller will dereference
the blob when it is not an error, and thus will oops if NULL
returned. Return proper error values in the failure cases.
Comment 1 Alexander B 2025-12-17 02:29:18 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025121635-CVE-2025-68228-43e1@gregkh/T