CVE-2025-37763: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-37763 is a vulnerability discovered in the Linux kernel affecting the DRM (Direct Rendering Manager) subsystem, specifically in the Imagination Technologies GPU driver component. The vulnerability was disclosed on May 1, 2025, and involves a use-after-free bug in the GPU job scheduling mechanism (NVD, Wiz).

The vulnerability occurs in the drm/imagination driver where fragment jobs fail to maintain proper references to geometry jobs, potentially leading to a use-after-free condition. The issue manifests when the geometry job structure is accessed during fragment job preparation by the GPU scheduler, but the geometry job might have been freed prematurely. This was detected by the Kernel Address Sanitizer (KASAN) which reported a slab-use-after-free error in the pvrqueueprepare_job function. The vulnerability has been assigned a CVSS v3 Base Score of 5.5, indicating moderate severity (Red Hat).

The vulnerability could lead to system instability or potential crashes when using the affected GPU driver. The use-after-free condition could result in memory corruption and potentially affect the system's graphics subsystem operation (Wiz).

The vulnerability has been fixed in various Linux distributions. Debian has marked it as fixed in versions 6.12.25-1 for sid, while it remains vulnerable in version 6.12.22-1 for trixie. Earlier versions in bullseye and bookworm are not affected as they don't contain the vulnerable code (Debian Tracker).