CVE-2025-38423

Published: Jul 25, 2025Modified: Nov 19, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd9375: Fix double free of regulator supplies Driver gets regulator supplies in probe path with devm_regulator_bulk_get(), so should not call regulator_bulk_free() in error and remove paths to avoid double free.

Affected (2)

Products: Linux: Linux Kernel

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 6.11 to 6.12.35
Linux Linux Kernel	From 6.13 to 6.15.4

Related CWEs

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (3)

https://git.kernel.org/stable/c/63fe298652d4eda07d738bfcbbc59d1343a675ef

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/c8228b5f3d74fd8ad4dfc79d5d601eb6fca5e63e

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/ce30258c05d39b62a05c99016d7148b3bf60fbdc

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

Timeline

No history available yet.