Double Free Vulnerability in Linux Kernel exfat Module
CVE-2025-38206

Currently unrated

Key Information:

Vendor: Linux
CVE Published: 4 July 2025

What is CVE-2025-38206?

A double free vulnerability exists in the exfat module of the Linux kernel, in the handling of upcase tables. When the exfat_create_upcase_table function encounters an error, the upcase table is freed on the failure path, and the memory cleanup in exfat_kill_sb then frees the same pointer a second time. This could result in memory corruption and potential exploitation. The fix sets the pointer to NULL after it has been freed, so the later cleanup no longer touches the deallocated memory.
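The free-then-free-again sequence described above, as an added userspace model that is not the kernel's code or the upstream patch. All names (`sb_info`, `model_free`, `free_upcase`, `run_mount_failure`) are hypothetical, and a static buffer with a counting free stands in for the kernel allocator so the second free is recorded instead of corrupting memory.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed userspace model; every name here is hypothetical, not kernel code. */
struct sb_info { unsigned short *upcase; };

static unsigned short pool[128]; /* stands in for the one heap allocation */
static int pool_live;            /* 1 while the allocation is outstanding */
static int double_frees;         /* frees of an already-freed pointer */

static void *model_alloc(void) { pool_live = 1; return pool; }

static void model_free(void *p)
{
    if (!p) return;                              /* NULL is a no-op, as with kfree() */
    if (!pool_live) { double_frees++; return; }  /* stale pointer freed again */
    pool_live = 0;
}

/* clear_ptr != 0 models the fix: NULL the pointer once it is freed. */
static void free_upcase(struct sb_info *sbi, int clear_ptr)
{
    model_free(sbi->upcase);
    if (clear_ptr)
        sbi->upcase = NULL;
}

/* Table creation that fails after allocating; the error path frees the table. */
static int create_upcase(struct sb_info *sbi, int clear_ptr)
{
    sbi->upcase = model_alloc();
    free_upcase(sbi, clear_ptr);
    return -1;
}

/* Mount fails, then superblock teardown frees the table unconditionally. */
int run_mount_failure(int clear_ptr)
{
    struct sb_info sbi = { NULL };
    double_frees = 0;
    if (create_upcase(&sbi, clear_ptr) != 0)
        free_upcase(&sbi, clear_ptr);            /* the teardown path */
    return double_frees;
}

int main(void)
{
    printf("no NULL: %d, NULL: %d\n", run_mount_failure(0), run_mount_failure(1));
    return 0;
}
```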

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 13d8de1b6568dcc31a95534ced16bc0c9a67bc15

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 66e84439ec2af776ce749e8540f8fdd257774152

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
