7.8

CVE-2025-38313

bus: fsl-mc: fix double-free on mc_dev

In the Linux kernel, the following vulnerability has been resolved:

bus: fsl-mc: fix double-free on mc_dev

The blamed commit tried to simplify how the deallocations are done but,
in the process, introduced a double-free on the mc_dev variable.

In case the MC device is a DPRC, a new mc_bus is allocated and the
mc_dev variable is just a reference to one of its fields. In this
circumstance, on the error path only the mc_bus should be freed.

This commit introduces back the following checkpatch warning which is a
false-positive.

WARNING: kfree(NULL) is safe and this check is probably not required
+       if (mc_bus)
+               kfree(mc_bus);
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.13 < 5.4.295
LinuxLinux Kernel Version >= 5.5 < 5.10.239
LinuxLinux Kernel Version >= 5.11 < 5.15.186
LinuxLinux Kernel Version >= 5.16 < 6.1.142
LinuxLinux Kernel Version >= 6.2 < 6.6.94
LinuxLinux Kernel Version >= 6.7 < 6.12.34
LinuxLinux Kernel Version >= 6.13 < 6.15.3
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.052
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-415 Double Free

The product calls free() twice on the same memory address.

https://git.kernel.org/stable/c/12e4431e5078847791936820bd39df9e1ee26d2e
Patch
https://git.kernel.org/stable/c/3135e03a92f6b5259d0a7f25f728e9e7866ede3f
Patch
https://git.kernel.org/stable/c/7002b954c4a8b9965ba0f139812ee4a6f71beac8
Patch
https://git.kernel.org/stable/c/b2057374f326303c86d8423415ab58656eebc695
Patch
https://git.kernel.org/stable/c/4b23c46eb2d88924b93aca647bde9a4b9cf62cf9
Patch
https://git.kernel.org/stable/c/1d5baab39e5b09a76870b345cdee7933871b881f
Patch
https://git.kernel.org/stable/c/873d47114fd5e5a1cad2018843671537cc71ac84
Patch
https://git.kernel.org/stable/c/d694bf8a9acdbd061596f3e7549bc8cb70750a60
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory