CVE Catalog

CVE-2025-71307

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

3th percentile - higher than 3% of all known CVEs

Summary

In the Linux kernel, a NULL pointer dereference vulnerability was found in the Panthor DRM driver during panthor_fw_unplug(). The issue occurs when the MCU is in various states or the firmware is not loaded/initialized. The fix removes the MCU halt and wait procedures that could cause the error.

Risk Assessment

The risk involves a potential critical error (NULL pointer dereference) leading to a kernel panic when unplugging the Panthor driver, which may cause service disruption or data loss.

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit removing unsafe procedures in panthor_fw_unplug()). Monitor official security advisories from your Linux distribution.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix NULL pointer dereference on panthor_fw_unplug This patch removes the MCU halt and wait for halt procedures during panthor_fw_unplug() as the MCU can be in a variety of states or the FW may not even be loaded/initialized at all, the latter of which can lead to a NULL pointer dereference. It should be safe on unplug to just disable the MCU without waiting for it to halt as it may not be able to.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS