{"id":"CVE-2025-39882","summary":"drm/mediatek: fix potential OF node use-after-free","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: fix potential OF node use-after-free\n\nThe for_each_child_of_node() helper drops the reference it takes to each\nnode as it iterates over children and an explicit of_node_put() is only\nneeded when exiting the loop early.\n\nDrop the recently introduced bogus additional reference count decrement\nat each iteration that could potentially lead to a use-after-free.","modified":"2026-03-20T12:43:05.005310Z","published":"2025-09-23T06:00:51.036Z","related":["MGASA-2025-0309","MGASA-2025-0310","SUSE-SU-2025:03600-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:20851-1","SUSE-SU-2025:20861-1","SUSE-SU-2025:20870-1","SUSE-SU-2025:20898-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","SUSE-SU-2025:3751-1","SUSE-SU-2025:4057-1","SUSE-SU-2025:4132-1","SUSE-SU-2025:4141-1","openSUSE-SU-2025:20081-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39882.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/4de37a48b6b58faaded9eb765047cf0d8785ea18"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b2fbe0f9f80b9cfa1e06ddcf8b863d918394ef1d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b58a26cdd4795c1ce6a80e38e9348885555dacd6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c4901802ed1ce859242e10af06e6a7752cba0497"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39882.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39882"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"7d98166183d627c0b9daca7672b2191fae0f8a03"},{"fixed":"b2fbe0f9f80b9cfa1e06ddcf8b863d918394ef1d"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"31ce7c089b50c3d3056c37e0e25e7535e4428ae1"},{"fixed":"b58a26cdd4795c1ce6a80e38e9348885555dacd6"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"fae58d0155a979a8c414bbc12db09dd4b2f910d0"},{"fixed":"c4901802ed1ce859242e10af06e6a7752cba0497"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1f403699c40f0806a707a9a6eed3b8904224021a"},{"fixed":"4de37a48b6b58faaded9eb765047cf0d8785ea18"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39882.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}