CVE-2025-38206
BaseFortify
Publication date: 2025-07-04
Last updated on: 2025-12-18
Assigner: kernel.org
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.7 (inc) to 5.10.239 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.186 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.15.4 (exc) |
| debian | debian_linux | 11.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-415 | The product calls free() twice on the same memory address. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a double free bug in the Linux kernel's exfat filesystem code. When an error occurs in exfat_create_upcase_table(), exfat_free_upcase_table() frees the upcase table (vol_utbl) but leaves the pointer set. The cleanup path in exfat_kill_sb(), via delayed_free(), then frees the same memory a second time, potentially leading to memory corruption or crashes. The patch fixes this by setting the pointer to NULL after freeing it, which prevents the double free.
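The free-then-free-again path described above, as an added userspace model (not kernel or exfat source code). The `sbi_model` struct, the one-slot model allocator and the `patched` switch are constructed for illustration; the model assumes the table was allocated before the error, and it counts the second free instead of performing it.

```c
#include <stdio.h>

/* Userspace model only: hypothetical stand-ins for the kernel path in the CVE. */
struct sbi_model { unsigned short *vol_utbl; };  /* pointer name from the CVE text */

static unsigned short slot[128];  /* the single "allocation" in this model */
static int slot_live;             /* 1 while the slot counts as allocated */
static int double_frees;          /* frees of an already-freed slot */

static void *model_alloc(void) { slot_live = 1; return slot; }

/* Model free: NULL is a no-op; freeing a dead slot is recorded, not executed. */
static void model_free(void *p)
{
    if (!p)
        return;
    if (!slot_live) { double_frees++; return; }   /* CWE-415 condition */
    slot_live = 0;
}

/* Models exfat_free_upcase_table(); patched != 0 applies the described fix. */
static void free_upcase_table(struct sbi_model *sbi, int patched)
{
    model_free(sbi->vol_utbl);
    if (patched)
        sbi->vol_utbl = NULL;     /* clear the stale pointer after freeing */
}

/* Models the error path of exfat_create_upcase_table(): allocate, fail, free. */
static int create_upcase_table_fails(struct sbi_model *sbi, int patched)
{
    sbi->vol_utbl = model_alloc();
    free_upcase_table(sbi, patched);              /* first free */
    return -1;
}

/* Models exfat_kill_sb() -> delayed_free() teardown after the failed setup. */
int count_double_frees(int patched)
{
    struct sbi_model sbi = { NULL };
    double_frees = 0;
    if (create_upcase_table_fails(&sbi, patched) != 0)
        free_upcase_table(&sbi, patched);         /* second free if pointer is stale */
    return double_frees;
}

int main(void)
{
    printf("unpatched: %d double free(s)\n", count_double_frees(0));
    printf("patched:   %d double free(s)\n", count_double_frees(1));
    return 0;
}
```

The fix works because freeing a NULL pointer is a no-op, so the teardown call becomes harmless once the error path has cleared `vol_utbl`.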
How can this vulnerability impact me?
The double free vulnerability can lead to memory corruption, which may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code with kernel privileges. This can compromise the security and reliability of systems using the affected Linux kernel exfat filesystem implementation.