#VU112815 Double free in Linux kernel - CVE-2025-38313


Vulnerability identifier: #VU112815

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38313

CWE-ID: CWE-415

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the fsl_mc_device_add() function in drivers/bus/fsl-mc/fsl-mc-bus.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/12e4431e5078847791936820bd39df9e1ee26d2e
https://git.kernel.org/stable/c/1d5baab39e5b09a76870b345cdee7933871b881f
https://git.kernel.org/stable/c/3135e03a92f6b5259d0a7f25f728e9e7866ede3f
https://git.kernel.org/stable/c/4b23c46eb2d88924b93aca647bde9a4b9cf62cf9
https://git.kernel.org/stable/c/7002b954c4a8b9965ba0f139812ee4a6f71beac8
https://git.kernel.org/stable/c/873d47114fd5e5a1cad2018843671537cc71ac84
https://git.kernel.org/stable/c/b2057374f326303c86d8423415ab58656eebc695
https://git.kernel.org/stable/c/d694bf8a9acdbd061596f3e7549bc8cb70750a60

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


openEuler 24.03 LTS SP2 update for kernel
openEuler 24.03 LTS update for kernel
openEuler 24.03 LTS SP1 update for kernel
Anolis OS update for kernel:6.6
openEuler 22.03 LTS SP3 update for kernel
openEuler 22.03 LTS SP4 update for kernel
Ubuntu update for linux-raspi
Ubuntu update for linux-nvidia-tegra-igx
Ubuntu update for linux-kvm
Ubuntu update for linux-oracle-6.14