Bug 2422735 (CVE-2025-68170)

Summary: CVE-2025-68170 kernel: drm/radeon: Do not kfree() devres managed rdev
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-12-16 14:07:33 UTC 
In the Linux kernel, the following vulnerability has been resolved:

drm/radeon: Do not kfree() devres managed rdev

Since the allocation of the drivers main structure was changed to
devm_drm_dev_alloc() rdev is managed by devres and we shouldn't be calling
kfree() on it.

This fixes things exploding if the driver probe fails and devres cleans up
the rdev after we already free'd it.

(cherry picked from commit 16c0681617b8a045773d4d87b6140002fa75b03b)
Comment 1 Alexander B 2025-12-16 23:45:18 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025121628-CVE-2025-68170-6a22@gregkh/T