Linux Kernel Vulnerability in PCI Endpoint Driver by Linux Foundation
CVE-2025-38069

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
18 June 2025

What is CVE-2025-38069?

A double free vulnerability in the Linux kernel occurs when the PCI endpoint driver, specifically during the initialization of the stm32_pcie Endpoint driver, fails to deallocate memory correctly. When pci_epf_test_alloc_space() allocates memory for the Base Address Registers (BARs) and encounters an error during epc_set_bar(), it does not clear the reference to epf_test->reg[bar]. This oversight results in a potential double free situation upon a host reboot, leading to system instability. Ensuring that the allocations and deallocations are handled symmetrically by setting the reference to NULL upon memory free is crucial to mitigate this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 349e7a85b25fa6ee82902d9be2cc5f3bec815120

Linux 349e7a85b25fa6ee82902d9be2cc5f3bec815120 < 8b83893d1f6c6061a7d58169ecdf9d5ee9f306ee

Linux 349e7a85b25fa6ee82902d9be2cc5f3bec815120 < 934e9d137d937706004c325fa1474f9e3f1ba10a

References

https://git.kernel.org/stable/c/fe2329eff5bee461ebcafadb6...
https://git.kernel.org/stable/c/8b83893d1f6c6061a7d58169e...
https://git.kernel.org/stable/c/934e9d137d937706004c325fa...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.