CVE-2025-68233: The Zombie PID Apocalypse in Tegra Drivers

Amit Schendel

Senior Security Researcher

Jan 15, 2026·5 min read·2 visits

No Known Exploit

Executive Summary (TL;DR)

The Linux kernel's Tegra DRM driver forgot to release references to Process IDs (PIDs) after using them. Local attackers can trigger this repeatedly to exhaust kernel memory, essentially DDoSing the system from the inside.

A deep dive into a resource management failure in the Linux kernel's Tegra DRM driver, where a missing reference release creates a 'slow death' memory leak scenario.

Attack Flow Diagram

Official Patches

Linux KernelMainline fix commit

Fix Analysis (1)

Technical Appendix

CVSS Score

3.3/ 10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

EPSS Probability

0.02%

Top 94% most exploited

Affected Systems

Linux Kernel (Tegra DRM Driver)NVIDIA Jetson Series (Nano, TX2, Xavier, Orin)Tegra-based Automotive Systems

Affected Versions Detail

Product	Affected Versions	Fixed Version
Linux Kernel Linux	>= 6.0	6.18

Attribute	Detail
CVSS	3.3 (Low)
Attack Vector	Local (IOCTL)
Impact	Denial of Service (Memory Exhaustion)
Component	drivers/gpu/drm/tegra
CWE	CWE-401 (Memory Leak)
Exploit Status	Theoretical / Trivial

MITRE ATT&CK Mapping

T1499Endpoint Denial of Service

Impact

T1499.004Application or System Exploitation

Impact

CWE-401

Memory Leak

Improper Release of Memory Before Removing Last Reference

Vulnerability Timeline

Vulnerability Disclosed & Patched

2025-12-16

Added to NVD

2025-12-18

EPSS Score Updated

2026-01-14