CVE-2025-38699

Published: Sep 4, 2025Modified: May 12, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Double-free fix When the bfad_im_probe() function fails during initialization, the memory pointed to by bfad->im is freed without setting bfad->im to NULL. Subsequently, during driver uninstallation, when the state machine enters the bfad_sm_stopping state and calls the bfad_im_probe_undo() function, it attempts to free the memory pointed to by bfad->im again, thereby triggering a double-free vulnerability. Set bfad->im to NULL if probing fails.

Affected (15)

Products: Linux: Linux Kernel · Debian: Debian Linux

1 product

1 product

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 2.6.33 to 5.4.297
Linux Linux Kernel	From 5.11 to 5.15.190
Linux Linux Kernel	From 5.16 to 6.1.149
Linux Linux Kernel	From 5.5 to 5.10.241
Linux Linux Kernel	From 6.13 to 6.15.11
Linux Linux Kernel	From 6.16 to 6.16.2
Linux Linux Kernel	From 6.2 to 6.6.103
Linux Linux Kernel	From 6.7 to 6.12.43
Linux Linux Kernel	Version 2.6.32
Linux Linux Kernel	Version 2.6.32 rc4
Linux Linux Kernel	Version 2.6.32 rc5
Linux Linux Kernel	Version 2.6.32 rc6
Linux Linux Kernel	Version 2.6.32 rc7
Linux Linux Kernel	Version 2.6.32 rc8

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 11.0

Related CWEs

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (12)

https://git.kernel.org/stable/c/13f613228cf3c96a038424cd97aa4d6aadc66294

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/39cfe2c83146aad956318f866d0ee471b7a61fa5

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/50d9bd48321038bd6e15af5a454bbcd180cf6f80

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/684c92bb08a25ed3c0356bc7eb532ed5b19588dd

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/8456f862cb95bcc3a831e1ba87c0c17068be0f3f

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/8e03dd9fadf76db5b9799583074a1a2a54f787f1

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/9337c2affbaebe00b75fdf84ea0e2fcf93c140af

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/add4c4850363d7c1b72e8fce9ccb21fdd2cf5dc9

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/ba024d92564580bb90ec367248ace8efe16ce815

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://cert-portal.siemens.com/productcert/html/ssa-032379.html

Source: 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e

Timeline

No history available yet.