CVE-2025-22096: 
Linux Debian vulnerability analysis and mitigation

A vulnerability in the Linux kernel's DRM/MSM/GEM subsystem was discovered and assigned CVE-2025-22096. The issue relates to incorrect error code handling in the msm_parse_deps() function, where the SUBMIT_ERROR() macro turns the error code negative, but an extra '-' operation incorrectly turns it back to positive EINVAL. This leads to the error code being passed to ERR_PTR(), and since positive values are not recognized by IS_ERR(), it eventually results in a kernel oops (NVD CVE, Debian Tracker).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The technical issue stems from improper error code handling in the Linux kernel's DRM subsystem, specifically in the msm_parse_deps() function. The vulnerability occurs when the SUBMIT_ERROR() macro processes error codes, where an additional negative operation incorrectly converts the error value (Red Hat XML).

When exploited, this vulnerability leads to a kernel oops condition, potentially causing system instability or denial of service. The CVSS scoring indicates high impact on availability (A:H) while maintaining no impact on confidentiality (C:N) or integrity (I:N) (Red Hat XML).

The vulnerability has been fixed by removing the extra '-' operation in the code. Various Linux distributions have addressed this issue in their releases: Debian Bookworm has fixed it in version 6.1.133-1, and Bullseye in version 5.10.234-1. Red Hat Enterprise Linux versions 6, 7, 8, and 9 are not affected by this vulnerability (Debian Tracker, Red Hat XML).