CVE-2025-37763

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Imagination GPU driver for the Linux kernel. When paired geometry and fragment jobs are processed, the fragment job can access freed memory from the geometry job, potentially leading to system crashes or arbitrary code execution. This affects Linux systems using the PowerVR/Imagination GPU driver.

💻 Affected Systems

Products:
  • Linux kernel with Imagination/PowerVR GPU driver (drm/imagination)
Versions: Linux kernel versions that include the Imagination driver and predate the fix commits
Operating Systems: Linux distributions with affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using Imagination/PowerVR GPU hardware with the vulnerable driver enabled.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel memory corruption leading to privilege escalation, system crash, or arbitrary code execution with kernel privileges.

🟠 Likely Case: System instability, kernel panics, or denial of service when GPU-intensive operations trigger the bug.

🟢 If Mitigated: Limited to denial of service if exploit attempts are contained by kernel protections like KASAN or SMAP.

🌐 Internet-Facing: LOW - Requires local access or ability to execute GPU operations on the target system.
🏢 Internal Only: MEDIUM - Local users or compromised applications with GPU access could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and ability to trigger specific GPU job sequences. KASAN detection suggests memory corruption is reliably triggerable.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commits 4ba2abe154ef68f9612eee9d6fbfe53a1736b064, b5a6f97a78e2fc008fd6503b7040cb7e1120b873, or c90b95e12eb88d23740e5ea2c43d71675d17ac8d

Vendor Advisory: https://git.kernel.org/stable/c/4ba2abe154ef68f9612eee9d6fbfe53a1736b064

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. Rebuild kernel if compiling from source.
3. Reboot system to load patched kernel.

🔧 Temporary Workarounds

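Disable Imagination GPU driver (Linux)

Blacklist and unload the vulnerable drm/imagination driver module. The upstream driver builds as the module powervr, so that is the name to blacklist and remove (run as root):

echo 'blacklist powervr' >> /etc/modprobe.d/blacklist.conf
rmmod powervr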

🧯 If You Can't Patch

  • Restrict local user access to systems with vulnerable driver
  • Monitor for kernel panic logs related to KASAN or GPU driver crashes

🔍 How to Verify

Check if Vulnerable:

Check whether the Imagination GPU driver is loaded, then check the kernel version against the patched commits:

lsmod | grep powervr

Check Version:

uname -r

Verify Fix Applied:

In the git tree of the kernel source the running kernel was built from, verify that the history includes one of the fix commits:

git log --oneline | grep -E '4ba2abe1|b5a6f97a|c90b95e1'

📡 Detection & Monitoring

Log Indicators:

  • KASAN slab-use-after-free errors in dmesg
  • kernel panic messages mentioning pvr_queue_prepare_job

SIEM Query:

source="kernel" AND "KASAN: slab-use-after-free" AND "pvr_queue_prepare_job"
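
The log indicators above, as an added shell example (not part of the original advisory or of the kernel project): it scans kernel log text report by report, so a KASAN slab-use-after-free report is flagged when pvr_queue_prepare_job appears in its header or only in its call trace. The sample log is constructed, and callee_a and other_driver_fn are hypothetical function names.

```sh
#!/bin/sh
# Added example (not from the advisory): report-level matching of KASAN output.

# Reads kernel log text on stdin. Prints the header of every KASAN
# slab-use-after-free report that names pvr_queue_prepare_job anywhere in the
# report (header or call trace). Returns 0 if any report matched, else 1.
scan_pvr_uaf() {
    awk '
        function close_report() {
            if (in_report && hit) { print header; found++ }
            in_report = 0; hit = 0
        }
        # A header line opens a report (and closes a truncated previous one).
        /BUG: KASAN: slab-use-after-free/ { close_report(); in_report = 1; header = $0 }
        in_report && /pvr_queue_prepare_job/ { hit = 1 }
        # KASAN ends each report with a line of "=" characters.
        in_report && /==========/ { close_report() }
        END { close_report(); exit (found ? 0 : 1) }
    '
}

# Constructed sample log: addresses, offsets, timestamps and task names are
# made up; callee_a and other_driver_fn are hypothetical function names.
sample_log() {
    cat <<'EOF'
[  10.000001] ==================================================================
[  10.000002] BUG: KASAN: slab-use-after-free in pvr_queue_prepare_job+0x10/0x20 [powervr]
[  10.000003] Read of size 8 at addr ffff000000000001 by task worker/1
[  10.000004] ==================================================================
[  20.000001] ==================================================================
[  20.000002] BUG: KASAN: slab-use-after-free in callee_a+0x10/0x20
[  20.000003] Call trace:
[  20.000004]  callee_a+0x10/0x20
[  20.000005]  pvr_queue_prepare_job+0x30/0x40 [powervr]
[  20.000006] ==================================================================
[  30.000001] ==================================================================
[  30.000002] BUG: KASAN: slab-use-after-free in other_driver_fn+0x10/0x20
[  30.000003] ==================================================================
EOF
}

# On a live system: dmesg | scan_pvr_uaf   or   journalctl -k | scan_pvr_uaf
if [ "${1:-}" = "--demo" ]; then sample_log | scan_pvr_uaf; fi
```

A line-by-line AND of the two strings matches only the first sample report; the second, where the faulting access is in a callee, is caught only by matching across the whole report.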
