CVE-2025-38069
PCI: endpoint: pci-epf-test: Fix double free that causes kernel to oops
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
PCI: endpoint: pci-epf-test: Fix double free that causes kernel to oops
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-test: Fix double free that causes kernel to oops Fix a kernel oops found while testing the stm32_pcie Endpoint driver with handling of PERST# deassertion: During EP initialization, pci_epf_test_alloc_space() allocates all BARs, which are further freed if epc_set_bar() fails (for instance, due to no free inbound window). However, when pci_epc_set_bar() fails, the error path: pci_epc_set_bar() -> pci_epf_free_space() does not clear the previous assignment to epf_test->reg[bar]. Then, if the host reboots, the PERST# deassertion restarts the BAR allocation sequence with the same allocation failure (no free inbound window), creating a double free situation since epf_test->reg[bar] was deallocated and is still non-NULL. Thus, make sure that pci_epf_alloc_space() and pci_epf_free_space() invocations are symmetric, and as such, set epf_test->reg[bar] to NULL when memory is freed. [kwilczynski: commit log]
Reserved 2025-04-16 | Published 2025-06-18 | Updated 2025-06-18 | Assigner Linuxgit.kernel.org/...c/fe2329eff5bee461ebcafadb6ca1df0cbf5945fd
git.kernel.org/...c/8b83893d1f6c6061a7d58169ecdf9d5ee9f306ee
git.kernel.org/...c/934e9d137d937706004c325fa1474f9e3f1ba10a
Support options
