Vulnerability-Lookup

FKIE_CVE-2025-71307

Vulnerability from fkie_nvd - Published: 2026-05-27 14:16 - Updated: 2026-05-27 14:48

Severity

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix NULL pointer dereference on panthor_fw_unplug This patch removes the MCU halt and wait for halt procedures during panthor_fw_unplug() as the MCU can be in a variety of states or the FW may not even be loaded/initialized at all, the latter of which can lead to a NULL pointer dereference. It should be safe on unplug to just disable the MCU without waiting for it to halt as it may not be able to.

References

	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/920c6af98e98e6afedf6318a75bac95af8415c6c
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/aab8b8a42e206a399fe3a5ed4b4cbb45ff6c546c

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panthor: Fix NULL pointer dereference on panthor_fw_unplug\n\nThis patch removes the MCU halt and wait for halt procedures during\npanthor_fw_unplug() as the MCU can be in a variety of states or the FW\nmay not even be loaded/initialized at all, the latter of which can lead\nto a NULL pointer dereference.\n\nIt should be safe on unplug to just disable the MCU without waiting for\nit to halt as it may not be able to."
    }
  ],
  "id": "CVE-2025-71307",
  "lastModified": "2026-05-27T14:48:31.480",
  "metrics": {},
  "published": "2026-05-27T14:16:43.283",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/920c6af98e98e6afedf6318a75bac95af8415c6c"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/aab8b8a42e206a399fe3a5ed4b4cbb45ff6c546c"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

CVE-2025-71307 (GCVE-0-2025-71307)

Vulnerability from cvelistv5 – Published: 2026-05-27 12:14 – Updated: 2026-05-27 12:14

Title

drm/panthor: Fix NULL pointer dereference on panthor_fw_unplug

Summary

Severity

No CVSS data available.

Assigner

Linux

References

2 references

URL	Tags
https://git.kernel.org/stable/c/aab8b8a42e206a399…
https://git.kernel.org/stable/c/920c6af98e98e6afe…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 51407254986501b19681d55531963f1ea58e89cd , < aab8b8a42e206a399fe3a5ed4b4cbb45ff6c546c (git) Affected: 51407254986501b19681d55531963f1ea58e89cd , < 920c6af98e98e6afedf6318a75bac95af8415c6c (git)
Linux	Linux	Affected: 6.19 Unaffected: 0 , < 6.19 (semver) Unaffected: 6.19.4 , ≤ 6.19.* (semver) Unaffected: 7.0 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/panthor/panthor_fw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "aab8b8a42e206a399fe3a5ed4b4cbb45ff6c546c",
              "status": "affected",
              "version": "51407254986501b19681d55531963f1ea58e89cd",
              "versionType": "git"
            },
            {
              "lessThan": "920c6af98e98e6afedf6318a75bac95af8415c6c",
              "status": "affected",
              "version": "51407254986501b19681d55531963f1ea58e89cd",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/panthor/panthor_fw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.19"
            },
            {
              "lessThan": "6.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.4",
                  "versionStartIncluding": "6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "6.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panthor: Fix NULL pointer dereference on panthor_fw_unplug\n\nThis patch removes the MCU halt and wait for halt procedures during\npanthor_fw_unplug() as the MCU can be in a variety of states or the FW\nmay not even be loaded/initialized at all, the latter of which can lead\nto a NULL pointer dereference.\n\nIt should be safe on unplug to just disable the MCU without waiting for\nit to halt as it may not be able to."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-27T12:14:59.693Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/aab8b8a42e206a399fe3a5ed4b4cbb45ff6c546c"
        },
        {
          "url": "https://git.kernel.org/stable/c/920c6af98e98e6afedf6318a75bac95af8415c6c"
        }
      ],
      "title": "drm/panthor: Fix NULL pointer dereference on panthor_fw_unplug",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-71307",
    "datePublished": "2026-05-27T12:14:59.693Z",
    "dateReserved": "2026-05-08T13:14:33.088Z",
    "dateUpdated": "2026-05-27T12:14:59.693Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2025-71307

CVE-2025-71307 (GCVE-0-2025-71307)

Tags

Sightings

Nomenclature