CVE-2025-38313

bus: fsl-mc: fix double-free on mc_dev

Description

In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: fix double-free on mc_dev The blamed commit tried to simplify how the deallocations are done but, in the process, introduced a double-free on the mc_dev variable. In case the MC device is a DPRC, a new mc_bus is allocated and the mc_dev variable is just a reference to one of its fields. In this circumstance, on the error path only the mc_bus should be freed. This commit introduces back the following checkpatch warning which is a false-positive. WARNING: kfree(NULL) is safe and this check is probably not required + if (mc_bus) + kfree(mc_bus);

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/12e4431e5078847791936820bd39df9e1ee26d2e
https://git.kernel.org/stable/c/3135e03a92f6b5259d0a7f25f728e9e7866ede3f
https://git.kernel.org/stable/c/7002b954c4a8b9965ba0f139812ee4a6f71beac8
https://git.kernel.org/stable/c/b2057374f326303c86d8423415ab58656eebc695
https://git.kernel.org/stable/c/4b23c46eb2d88924b93aca647bde9a4b9cf62cf9
https://git.kernel.org/stable/c/1d5baab39e5b09a76870b345cdee7933871b881f
https://git.kernel.org/stable/c/873d47114fd5e5a1cad2018843671537cc71ac84
https://git.kernel.org/stable/c/d694bf8a9acdbd061596f3e7549bc8cb70750a60

Frequently Asked Questions

What is the severity of CVE-2025-38313?
CVE-2025-38313 has not yet been assigned a CVSS score.
How to fix CVE-2025-38313?
To fix CVE-2025-38313, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-38313 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-38313 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-38313?
CVE-2025-38313 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.