Main Vulnerability Database SB20250619185

SB20250619185 - Use-after-free in Linux kernel endpoint functions driver

Published: June 19, 2025

Security Bulletin ID SB20250619185

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Use-after-free (CVE-ID: CVE-2025-38069)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pci_epf_test_set_bar() and pci_epf_test_free_space() functions in drivers/pci/endpoint/functions/pci-epf-test.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/8b83893d1f6c6061a7d58169ecdf9d5ee9f306ee
https://git.kernel.org/stable/c/934e9d137d937706004c325fa1474f9e3f1ba10a
https://git.kernel.org/stable/c/fe2329eff5bee461ebcafadb6ca1df0cbf5945fd