CVE-2025-71307
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk3th percentile - higher than 3% of all known CVEs
Summary
In the Linux kernel, a NULL pointer dereference vulnerability was found in the Panthor DRM driver during panthor_fw_unplug(). The issue occurs when the MCU is in various states or the firmware is not loaded/initialized. The fix removes the MCU halt and wait procedures that could cause the error.
Risk Assessment
The risk involves a potential critical error (NULL pointer dereference) leading to a kernel panic when unplugging the Panthor driver, which may cause service disruption or data loss.
Recommendation
Immediately update the Linux kernel to a version containing the fix (commit removing unsafe procedures in panthor_fw_unplug()). Monitor official security advisories from your Linux distribution.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix NULL pointer dereference on panthor_fw_unplug This patch removes the MCU halt and wait for halt procedures during panthor_fw_unplug() as the MCU can be in a variety of states or the FW may not even be loaded/initialized at all, the latter of which can lead to a NULL pointer dereference. It should be safe on unplug to just disable the MCU without waiting for it to halt as it may not be able to.

