CVE-2025-38206 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: exfat: fix double free in delayed_free The double free could happen in the following path. exfat_create_upcase_table() exfat_create_upcase_table() : return error exfat_free_upcase_table() : free ->vol_utbl exfat_load_default_upcase_table : return error exfat_kill_sb() delayed_free() exfat_free_upcase_table() <--------- double free This patch set ->vol_util as NULL after freeing it.

PUBLISHED Reserved 2025-04-16 | Published 2025-07-04 | Updated 2026-05-11 | Assigner Linux

Product status

Default status

unaffected

1acf1a564b6034b5af1e7fb23cb98cb3bb4f6003 (git) before 13d8de1b6568dcc31a95534ced16bc0c9a67bc15

affected

1acf1a564b6034b5af1e7fb23cb98cb3bb4f6003 (git) before 66e84439ec2af776ce749e8540f8fdd257774152

affected

1acf1a564b6034b5af1e7fb23cb98cb3bb4f6003 (git) before d3cef0e7a5c1aa6217c51faa9ce8ecac35d6e1fd

affected

1acf1a564b6034b5af1e7fb23cb98cb3bb4f6003 (git) before 1f3d9724e16d62c7d42c67d6613b8512f2887c22

affected

Default status

affected

5.7

affected

Any version before 5.7

unaffected

5.10.239 (semver)

unaffected

5.15.186 (semver)

unaffected

6.15.4 (semver)

unaffected

6.16 (original_commit_for_fix)

unaffected

References

lists.debian.org/debian-lts-announce/2025/10/msg00007.html

git.kernel.org/...c/13d8de1b6568dcc31a95534ced16bc0c9a67bc15

git.kernel.org/...c/66e84439ec2af776ce749e8540f8fdd257774152

git.kernel.org/...c/d3cef0e7a5c1aa6217c51faa9ce8ecac35d6e1fd

git.kernel.org/...c/1f3d9724e16d62c7d42c67d6613b8512f2887c22

cve.org (CVE-2025-38206)

nvd.nist.gov (CVE-2025-38206)

Download JSON

help @ threatint.eu