Double free in Linux kernel irqchip driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2025-37819 |
| CWE-ID | CWE-415 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Double free
EUVDB-ID: #VU108816
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37819
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the gicv2m_of_init() function in drivers/irqchip/irq-gic-v2m.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 6.14 - 6.14.4
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:6.14:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.14.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.14.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.14.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.14.4:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/2f2803e4b5e4df2b08d378deaab78b1681ef9b30
https://git.kernel.org/stable/c/3318dc299b072a0511d6dfd8367f3304fb6d9827
https://git.kernel.org/stable/c/3939d6f29d34cdb60e3f68b76e39e00a964a1d51
https://git.kernel.org/stable/c/47bee0081b483b077c7560bc5358ad101f89c8ef
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.5
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
