CVE-2025-38421

Summary

In the Linux kernel, the following vulnerability has been resolved:

platform/x86/amd: pmf: Use device managed allocations

If setting up smart PC fails for any reason then this can lead to a double free when unloading amd-pmf. This is because dev->buf was freed but never set to NULL and is again freed in amd_pmf_remove().

To avoid subtle allocation bugs in failures leading to a double free change all allocations into device managed allocations.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux5b1122fc4995f308b21d7cfc64ef9880ac834d20 < 0d10b532f861253c283863522d59d099fcb0796daffected
LinuxLinux5b1122fc4995f308b21d7cfc64ef9880ac834d20 < d9db3a941270d92bbd1a6a6b54a10324484f2f2daffected
LinuxLinuxe70b4b8f93d7fcf8ee063a1d1f18782c4da3d335affected
LinuxLinux3ed60e51ffdbfef14169bd967e21a6ba5e5ff42baffected
LinuxLinux6.12.23 < 6.13affected
LinuxLinux6.13.11 < 6.14affected
LinuxLinux6.14affected
LinuxLinux0 < 6.14unaffected
LinuxLinux6.15.4 <= 6.15.*unaffected
LinuxLinux6.16 <= *unaffected

Weaknesses

References