CVE-2025-38069
BaseFortify

Publication date: 2025-06-18

Last updated on: 2025-11-14

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved:

PCI: endpoint: pci-epf-test: Fix double free that causes kernel to oops

Fix a kernel oops found while testing the stm32_pcie Endpoint driver with handling of PERST# deassertion:

During EP initialization, pci_epf_test_alloc_space() allocates all BARs, which are further freed if epc_set_bar() fails (for instance, due to no free inbound window).

However, when pci_epc_set_bar() fails, the error path:

pci_epc_set_bar() -> pci_epf_free_space()

does not clear the previous assignment to epf_test->reg[bar]. Then, if the host reboots, the PERST# deassertion restarts the BAR allocation sequence with the same allocation failure (no free inbound window), creating a double free situation since epf_test->reg[bar] was deallocated and is still non-NULL.

Thus, make sure that pci_epf_alloc_space() and pci_epf_free_space() invocations are symmetric, and as such, set epf_test->reg[bar] to NULL when memory is freed.

[kwilczynski: commit log]
Meta Information

Published: 2025-06-18
Last Modified: 2025-11-14
Generated: 2026-05-07
AI Q&A: 2025-06-18
EPSS Evaluated: 2026-05-05
Source: NVD
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
CWE

CWE-415: The product calls free() twice on the same memory address.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a double free bug in the Linux kernel's PCI endpoint test driver (pci-epf-test). During the initialization of the PCI endpoint function, memory for Base Address Registers (BARs) is allocated. If an error occurs during BAR setup (such as no free inbound window), the allocated memory is freed but the pointer is not cleared. If the host reboots and the initialization sequence repeats with the same failure, the system attempts to free the same memory again, causing a double free and leading to a kernel oops (crash). The fix ensures that pointers are set to NULL after freeing memory to prevent this double free.


How can this vulnerability impact me?

This vulnerability can cause the Linux kernel to crash (kernel oops) due to a double free error in the PCI endpoint test driver. Such crashes can lead to system instability, potential denial of service, and unexpected reboots, impacting system availability and reliability.


What immediate steps should I take to mitigate this vulnerability?

Update the Linux kernel to a version that includes the fix for the pci-epf-test double free vulnerability. The fix ensures that memory freed during BAR allocation failures is properly cleared to prevent kernel oops. Until the update is applied, avoid scenarios that trigger the PERST# deassertion and BAR allocation failure sequence, such as repeated host reboots causing the endpoint to reinitialize with no free inbound window.

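The asymmetric alloc/free described in the commit log and the Q&A above, as an added illustration that is not the kernel's code: a constructed model of the per-BAR bookkeeping where set_bar fails once the (assumed) single inbound window is used up, the stale reg[bar] survives into the re-initialisation that follows PERST# deassertion, and a tracking allocator counts the resulting double frees instead of crashing. The names epf_test, reg[], alloc_space, free_space and set_bar are simplified stand-ins for the driver's functions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
/* Constructed model of pci-epf-test BAR bookkeeping; epf_test, reg[], alloc_space,
 * free_space and set_bar are simplified stand-ins, not the kernel's functions. */
#define NUM_BARS 3
#define FREE_INBOUND_WINDOWS 1  /* assumption: fewer windows than BARs, so set_bar fails */
struct epf_test { void *reg[NUM_BARS]; };

/* Tracking allocator: freeing a pointer that is not live is counted, not performed. */
static void *live[NUM_BARS * 4];
static int double_frees;

static void *alloc_space(void) {
    void *p = malloc(64);
    for (size_t i = 0; i < sizeof live / sizeof *live; i++)
        if (!live[i]) { live[i] = p; break; }
    return p;
}

static void free_space(void *p) {
    for (size_t i = 0; i < sizeof live / sizeof *live; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
    double_frees++;  /* in the kernel this is the oops */
}

/* Programming a BAR consumes one inbound window; fails once none are left. */
static int set_bar(int *windows_used) {
    return (*windows_used)++ < FREE_INBOUND_WINDOWS ? 0 : -1;
}

/* One EP init: release what a previous init still owns, allocate every BAR, program each. */
static void epf_test_init(struct epf_test *t, bool fixed) {
    int windows_used = 0;
    for (int bar = 0; bar < NUM_BARS; bar++)
        if (t->reg[bar]) { free_space(t->reg[bar]); t->reg[bar] = NULL; }
    for (int bar = 0; bar < NUM_BARS; bar++)
        t->reg[bar] = alloc_space();
    for (int bar = 0; bar < NUM_BARS; bar++) {
        if (set_bar(&windows_used) == 0) continue;
        free_space(t->reg[bar]);        /* error path of the original code */
        if (fixed) t->reg[bar] = NULL;  /* the fix: keep alloc/free symmetric */
    }
}

/* Initial init, then a second one as after PERST# deassertion; returns double frees caught. */
int run_reinit(bool fixed) {
    struct epf_test t = {0};
    double_frees = 0;
    epf_test_init(&t, fixed);
    epf_test_init(&t, fixed);
    return double_frees;
}
```

run_reinit(false) reports two double frees (the two BARs whose set_bar failed), run_reinit(true) reports none.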
