Double-Free Vulnerability in Linux Kernel Affecting SCSI Drivers
CVE-2025-38699

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 4 September 2025

What is CVE-2025-38699?

A flaw in the Linux kernel's SCSI driver code allows a double free during device initialization and uninstallation. The issue arises in the bfad_im_probe() function: the memory pointer is not set to NULL after the memory is freed, so a later step attempts to free the same memory location a second time. This can result in undefined behavior, application crashes, or exploitation by malicious actors. The fix is to set the pointer to NULL after the memory has been freed, which mitigates the risk during the driver lifecycle.
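The stale-pointer pattern described above, as an added userspace model rather than the driver's own code. All struct and function names are hypothetical, and it assumes the first free happens on a probe failure path and the second in the uninstall path.

```c
#include <stdio.h>
/* Userspace model of the pattern only: names are hypothetical, and a one-slot
 * pool stands in for the allocator so a second free is counted, not executed. */
struct im { int unused; };
struct adapter { struct im *im; };
static struct im pool;
static int pool_live;       /* 1 while the slot is allocated */
static int double_frees;    /* frees of an already-released slot */
static struct im *model_alloc(void) { pool_live = 1; return &pool; }
static void model_free(struct im *p)
{
    if (!p)                 /* like kfree(), freeing NULL is a no-op */
        return;
    if (!pool_live) { double_frees++; return; }
    pool_live = 0;
}

/* Probe whose setup fails after allocation (constructed failure). */
static int model_probe(struct adapter *ad, int null_after_free)
{
    ad->im = model_alloc();
    model_free(ad->im);     /* error path releases the allocation */
    if (null_after_free)
        ad->im = NULL;      /* the fix: leave no stale pointer behind */
    return -1;
}

/* Uninstall path: releases whatever the adapter still points at. */
static void model_remove(struct adapter *ad)
{
    model_free(ad->im);
    ad->im = NULL;
}

/* Probe failure followed by removal; returns the number of double frees. */
static int run_lifecycle(int null_after_free)
{
    struct adapter ad = { NULL };
    double_frees = 0;
    model_probe(&ad, null_after_free);
    model_remove(&ad);
    return double_frees;
}

int main(void)
{
    printf("stale: %d, nulled: %d\n", run_lifecycle(0), run_lifecycle(1));
    return 0;
}
```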


Affected Version(s)

Linux 7725ccfda59715ecf8f99e3b520a0b84cc2ea79e < 684c92bb08a25ed3c0356bc7eb532ed5b19588dd

Linux 7725ccfda59715ecf8f99e3b520a0b84cc2ea79e < 9337c2affbaebe00b75fdf84ea0e2fcf93c140af

Linux 7725ccfda59715ecf8f99e3b520a0b84cc2ea79e

Timeline

  • Vulnerability published

  • Vulnerability Reserved
