CVE-2025-68172
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: aspeed - fix double free caused by devm
The clock obtained via devm_clk_get_enabled() is automatically managed by devres and will be disabled and freed on driver detach. Manually calling clk_disable_unprepare() in error path and remove function causes double free.
Remove the manual clock cleanup in both aspeed_acry_probe()'s error path and aspeed_acry_remove().
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 2f1cf4e50c956f882c9fc209c7cded832b67b8a3 < 0dd6474ced33489076e6c0f3fe5077bf12e85b28 | affected |
| Linux | Linux | 2f1cf4e50c956f882c9fc209c7cded832b67b8a3 < 29d0504077044a7e1ffbd09a6118018d5954a6e5 | affected |
| Linux | Linux | 2f1cf4e50c956f882c9fc209c7cded832b67b8a3 < e8407dfd267018f4647ffb061a9bd4a6d7ebacc6 | affected |
| Linux | Linux | 2f1cf4e50c956f882c9fc209c7cded832b67b8a3 < 3c9bf72cc1ced1297b235f9422d62b613a3fdae9 | affected |
| Linux | Linux | 6.3 | affected |
| Linux | Linux | 0 < 6.3 | unaffected |
| Linux | Linux | 6.6.117 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.58 <= 6.12.* | unaffected |
| Linux | Linux | 6.17.8 <= 6.17.* | unaffected |
| Linux | Linux | 6.18 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/0dd6474ced33489076e6c0f3fe5077bf12e85b28
- https://git.kernel.org/stable/c/29d0504077044a7e1ffbd09a6118018d5954a6e5
- https://git.kernel.org/stable/c/e8407dfd267018f4647ffb061a9bd4a6d7ebacc6
- https://git.kernel.org/stable/c/3c9bf72cc1ced1297b235f9422d62b613a3fdae9
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.