CVE-2025-38699

Summary

In the Linux kernel, the following vulnerability has been resolved:

scsi: bfa: Double-free fix

When the bfad_im_probe() function fails during initialization, the memory pointed to by bfad->im is freed without setting bfad->im to NULL.

Subsequently, during driver uninstallation, when the state machine enters the bfad_sm_stopping state and calls the bfad_im_probe_undo() function, it attempts to free the memory pointed to by bfad->im again, thereby triggering a double-free vulnerability.

Set bfad->im to NULL if probing fails.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7725ccfda59715ecf8f99e3b520a0b84cc2ea79e < 684c92bb08a25ed3c0356bc7eb532ed5b19588ddaffected
LinuxLinux7725ccfda59715ecf8f99e3b520a0b84cc2ea79e < 9337c2affbaebe00b75fdf84ea0e2fcf93c140afaffected
LinuxLinux7725ccfda59715ecf8f99e3b520a0b84cc2ea79e < ba024d92564580bb90ec367248ace8efe16ce815affected
LinuxLinux7725ccfda59715ecf8f99e3b520a0b84cc2ea79e < 8e03dd9fadf76db5b9799583074a1a2a54f787f1affected
LinuxLinux7725ccfda59715ecf8f99e3b520a0b84cc2ea79e < 39cfe2c83146aad956318f866d0ee471b7a61fa5affected
LinuxLinux7725ccfda59715ecf8f99e3b520a0b84cc2ea79e < 13f613228cf3c96a038424cd97aa4d6aadc66294affected
LinuxLinux7725ccfda59715ecf8f99e3b520a0b84cc2ea79e < 8456f862cb95bcc3a831e1ba87c0c17068be0f3faffected
LinuxLinux7725ccfda59715ecf8f99e3b520a0b84cc2ea79e < 50d9bd48321038bd6e15af5a454bbcd180cf6f80affected
LinuxLinux7725ccfda59715ecf8f99e3b520a0b84cc2ea79e < add4c4850363d7c1b72e8fce9ccb21fdd2cf5dc9affected
LinuxLinux2.6.32affected
LinuxLinux0 < 2.6.32unaffected
LinuxLinux5.4.297 <= 5.4.*unaffected
LinuxLinux5.10.241 <= 5.10.*unaffected
LinuxLinux5.15.190 <= 5.15.*unaffected
LinuxLinux6.1.149 <= 6.1.*unaffected
LinuxLinux6.6.103 <= 6.6.*unaffected
LinuxLinux6.12.43 <= 6.12.*unaffected
LinuxLinux6.15.11 <= 6.15.*unaffected
LinuxLinux6.16.2 <= 6.16.*unaffected
LinuxLinux6.17 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

Additional References

References