CVE-2025-22097

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Apr 16, 2025
Updated: Apr 25, 2025
CWE ID 416

Summary

CVE-2025-22097 is a vulnerability affecting the Linux kernel's drm/vkms driver. If the driver initialization fails, the vkms_exit() function may attempt to access an uninitialized or freed default_config pointer, leading to use-after-free and double-free issues. These errors can result in unpredictable behavior or application crashes. The vulnerability has been resolved by initializing default_config only when the driver initialization is successful.
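The ordering problem in the summary, as an added userspace model (not the kernel's code or the upstream patch). Only `default_config` comes from the summary; every other name is hypothetical, and a one-slot allocator stands in for the heap so the second release is counted rather than executed as undefined behaviour.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct config { bool live; };          /* hypothetical config object */
static struct config slot;             /* one-slot "heap" (assumption of this model) */
static struct config *default_config;  /* global read by the exit path */
static int double_frees;               /* releases of an already-released object */

static struct config *config_alloc(void) { slot.live = true; return &slot; }
static void config_free(struct config *c)
{
    if (!c) return;
    if (!c->live) { double_frees++; return; }  /* stale pointer released again */
    c->live = false;
}
static int device_create(bool fail) { return fail ? -1 : 0; }  /* simulated init step */

/* Flawed ordering: the global is set before initialization is known to succeed. */
static int init_publish_early(bool fail)
{
    default_config = config_alloc();
    if (device_create(fail)) { config_free(default_config); return -1; } /* global left stale */
    return 0;
}

/* Corrected ordering: the global is set only when initialization succeeded. */
static int init_publish_on_success(bool fail)
{
    struct config *c = config_alloc();
    if (device_create(fail)) { config_free(c); return -1; }  /* global stays NULL */
    default_config = c;
    return 0;
}

/* Exit path: releases whatever the global points at. */
static void model_exit(void) { config_free(default_config); default_config = NULL; }

/* Runs a failing init followed by the exit path; returns double frees observed. */
static int run_failed_load(int (*init)(bool))
{
    default_config = NULL; double_frees = 0; slot.live = false;
    init(true);
    model_exit();
    return double_frees;
}

int main(void)
{
    printf("publish early: %d double free(s)\n", run_failed_load(init_publish_early));
    printf("publish on success: %d double free(s)\n", run_failed_load(init_publish_on_success));
    return 0;
}
```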
