Impact
A use‑after‑free flaw exists in the Linux kernel DRM subsystem when closing an xe_eu_stall stream. During the close routine, drm_dev_put is called before the stream has been disabled and its resources released. If this drops the last reference to the device structure, the structure may be freed while later cleanup code still accesses it, which can lead to memory corruption or a kernel crash. This classic use‑after‑free issue can destabilize the system.
Affected Systems
The vulnerability affects any Linux kernel that contains the xe_eu_stall DRM driver prior to the commit that moves drm_dev_put after all device accesses are finished. The affected releases are therefore all kernel versions that have not incorporated the 35aff528f7297e949e5e19c9cd7fd748cf1cf21c change. No specific version range is listed, so hosts running a kernel without this patch are at risk.
Risk and Exploitability
The CVSS score of 7.8 indicates high severity. The EPSS score is <1%, so exploitation is unlikely. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker would need to trigger a xe_eu_stall stream close, which typically requires local or privileged access to the DRM driver. The potential impact is memory corruption or a kernel crash, which could lead to denial‑of‑service, but no publicly known exploits exist.
OpenCVE Enrichment