← Back

CVE-2025-37817

nvd nist
Published: May 8, 2025Modified: Nov 12, 2025

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: mcb: fix a double free bug in chameleon_parse_gdd() In chameleon_parse_gdd(), if mcb_device_register() fails, 'mdev' would be released in mcb_device_register() via put_device(). Thus, goto 'err' label and free 'mdev' again causes a double free. Just return if mcb_device_register() fails.

Affected (11)

Linux
1 product
Linux Kernel
Debian
1 product
Debian Linux
Configuration A
10 vulnerable
Vulnerable SoftwareAffected Versions
Linux
Linux Kernel
From 3.15 to 5.4.293
Linux Kernel
From 5.11 to 5.15.181
Linux Kernel
From 5.16 to 6.1.136
Linux Kernel
From 5.5 to 5.10.237
Linux Kernel
From 6.13 to 6.14.5
Linux Kernel
From 6.2 to 6.6.89
Linux Kernel
From 6.7 to 6.12.26
Linux Kernel
Version 6.15 rc1
Linux Kernel
Version 6.15 rc2
Linux Kernel
Version 6.15 rc3
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 11.0

Related CWEs

CWE-415
Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (10)

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory

Timeline

No history available yet.