7.8
CVE-2025-38206
- EPSS 0.16%
- Veröffentlicht 04.07.2025 13:37:25
- Zuletzt bearbeitet 18.12.2025 21:17:09
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
exfat: fix double free in delayed_free
In the Linux kernel, the following vulnerability has been resolved:
exfat: fix double free in delayed_free
The double free could happen in the following path.
exfat_create_upcase_table()
exfat_create_upcase_table() : return error
exfat_free_upcase_table() : free ->vol_utbl
exfat_load_default_upcase_table : return error
exfat_kill_sb()
delayed_free()
exfat_free_upcase_table() <--------- double free
This patch set ->vol_util as NULL after freeing it.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.7 < 5.10.239
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.186
Linux ≫ Linux Kernel Version >= 5.16 < 6.15.4
Debian ≫ Debian Linux Version11.0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.05 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-415 Double Free
The product calls free() twice on the same memory address.
https://git.kernel.org/stable/c/13d8de1b6568dcc31a95534ced16bc0c9a67bc15
https://git.kernel.org/stable/c/66e84439ec2af776ce749e8540f8fdd257774152
https://git.kernel.org/stable/c/d3cef0e7a5c1aa6217c51faa9ce8ecac35d6e1fd
https://git.kernel.org/stable/c/1f3d9724e16d62c7d42c67d6613b8512f2887c22
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html