CVE-2025-39870
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-23

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix double free in idxd_setup_wqs() The clean up in idxd_setup_wqs() has had a couple bugs because the error handling is a bit subtle. It's simpler to just re-write it in a cleaner way. The issues here are: 1) If "idxd->max_wqs" is <= 0 then we call put_device(conf_dev) when "conf_dev" hasn't been initialized. 2) If kzalloc_node() fails then again "conf_dev" is invalid. It's either uninitialized or it points to the "conf_dev" from the previous iteration so it leads to a double free. It's better to free partial loop iterations within the loop and then the unwinding at the end can handle whole loop iterations. I also renamed the labels to describe what the goto does and not where the goto was located.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-23
Last Modified
2025-11-03
Generated
2026-05-07
AI Q&A
2025-09-23
EPSS Evaluated
2026-05-05
NVD
CVE-2025-39870
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux 6.1.153-1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a double free bug in the Linux kernel's dmaengine idxd driver, specifically in the idxd_setup_wqs() function. The error handling in this function is flawed, causing it to sometimes free the same device object twice. This happens when idxd->max_wqs is less than or equal to zero or when memory allocation with kzalloc_node() fails, leading to invalid or uninitialized pointers being freed multiple times.


How can this vulnerability impact me? :

A double free vulnerability can lead to undefined behavior such as kernel crashes, memory corruption, or potential escalation of privileges. Exploiting this bug could allow an attacker to destabilize the system or execute arbitrary code with kernel privileges.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart