Double Free Vulnerability in Linux Kernel’s AMD PMF Device Management
CVE-2025-38421

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 July 2025

What is CVE-2025-38421?

A vulnerability in the Linux kernel related to the AMD Platform Management Firmware (PMF) may lead to a double free condition during device management operations. When the system attempts to unload the amd-pmf driver, improper handling of resource deallocation can cause a previously freed memory buffer to be accessed again for deallocation, resulting in potential system instability and security risks. This issue emphasizes the necessity for robust memory management practices to prevent subtle bugs during device operations.

Affected Version(s)

Linux 5b1122fc4995f308b21d7cfc64ef9880ac834d20 < 0d10b532f861253c283863522d59d099fcb0796d

Linux 5b1122fc4995f308b21d7cfc64ef9880ac834d20

Linux e70b4b8f93d7fcf8ee063a1d1f18782c4da3d335

References

https://git.kernel.org/stable/c/0d10b532f861253c283863522...

https://git.kernel.org/stable/c/d9db3a941270d92bbd1a6a6b5...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Apr 16, 2025