CVE-2025-68338
Use-After-Free in Linux Kernel Microchip DSA IRQ Handling
Publication date: 2025-12-23
Last updated on: 2025-12-23
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microchip | ksz_irq | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's Microchip DSA driver where the function ksz_irq_free() may be called on an uninitialized ksz_irq structure if an error happens during setup, such as when ksz_ptp_irq_setup() fails. This leads to freeing uninitialized IRQ numbers and/or domains, which is improper and can cause system instability or crashes. The fix involves using dsa_switch_for_each_user_port_continue_reverse() in the error path to ensure only fully initialized ports are iterated over and freed.
How can this vulnerability impact me? :
The vulnerability can cause system instability or crashes due to improper freeing of uninitialized IRQ numbers and domains. This may affect the reliability and availability of systems using the affected Linux kernel driver, potentially leading to unexpected behavior or downtime.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that the Linux kernel is updated to a version where the issue is resolved. Specifically, the fix involves using dsa_switch_for_each_user_port_continue_reverse() in the error path to avoid freeing uninitialized IRQ numbers. Applying the latest kernel patches or updates from your Linux distribution that include this fix is recommended.