7.8

CVE-2025-38341

eth: fbnic: avoid double free when failing to DMA-map FW msg

In the Linux kernel, the following vulnerability has been resolved:

eth: fbnic: avoid double free when failing to DMA-map FW msg

The semantics are that caller of fbnic_mbx_map_msg() retains
the ownership of the message on error. All existing callers
dutifully free the page.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.11 < 6.12.35
LinuxLinux Kernel Version >= 6.13 < 6.15.4
LinuxLinux Kernel Version6.16 Updaterc1
LinuxLinux Kernel Version6.16 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.046
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-415 Double Free

The product calls free() twice on the same memory address.

https://git.kernel.org/stable/c/670179265ad787b9dd8e701601914618b8927755
Patch
https://git.kernel.org/stable/c/0a211e23852019ef55c70094524e87a944accbb5
Patch
https://git.kernel.org/stable/c/5bd1bafd4474ee26f504b41aba11f3e2a1175b88
Patch