github - ghsa-349q-hp2f-r4hf

ghsa-349q-hp2f-r4hf

Vulnerability from github

Published

2025-07-04 15:31

Modified

2025-07-04 15:31

Details

In the Linux kernel, the following vulnerability has been resolved:

exfat: fix double free in delayed_free

The double free could happen in the following path.

exfat_create_upcase_table() exfat_create_upcase_table() : return error exfat_free_upcase_table() : free ->vol_utbl exfat_load_default_upcase_table : return error exfat_kill_sb() delayed_free() exfat_free_upcase_table() <--------- double free This patch set ->vol_util as NULL after freeing it.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-38206"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-04T14:15:28Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix double free in delayed_free\n\nThe double free could happen in the following path.\n\nexfat_create_upcase_table()\n        exfat_create_upcase_table() : return error\n        exfat_free_upcase_table() : free -\u003evol_utbl\n        exfat_load_default_upcase_table : return error\n     exfat_kill_sb()\n           delayed_free()\n                  exfat_free_upcase_table() \u003c--------- double free\nThis patch set -\u003evol_util as NULL after freeing it.",
  "id": "GHSA-349q-hp2f-r4hf",
  "modified": "2025-07-04T15:31:09Z",
  "published": "2025-07-04T15:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38206"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/13d8de1b6568dcc31a95534ced16bc0c9a67bc15"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1f3d9724e16d62c7d42c67d6613b8512f2887c22"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/66e84439ec2af776ce749e8540f8fdd257774152"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d3cef0e7a5c1aa6217c51faa9ce8ecac35d6e1fd"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2025-38206 (GCVE-0-2025-38206)

Vulnerability from cvelistv5

Published

2025-07-04 13:37

Modified

2025-07-28 04:15

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: exfat: fix double free in delayed_free The double free could happen in the following path. exfat_create_upcase_table() exfat_create_upcase_table() : return error exfat_free_upcase_table() : free ->vol_utbl exfat_load_default_upcase_table : return error exfat_kill_sb() delayed_free() exfat_free_upcase_table() <--------- double free This patch set ->vol_util as NULL after freeing it.

References

URL

Tags

	https://git.kernel.org/stable/c/13d8de1b6568dcc31a95534ced16bc0c9a67bc15
	https://git.kernel.org/stable/c/66e84439ec2af776ce749e8540f8fdd257774152
	https://git.kernel.org/stable/c/d3cef0e7a5c1aa6217c51faa9ce8ecac35d6e1fd
	https://git.kernel.org/stable/c/1f3d9724e16d62c7d42c67d6613b8512f2887c22

Impacted products

Vendor

Product

Version

Linux

Version: 1acf1a564b6034b5af1e7fb23cb98cb3bb4f6003
Version: 1acf1a564b6034b5af1e7fb23cb98cb3bb4f6003
Version: 1acf1a564b6034b5af1e7fb23cb98cb3bb4f6003
Version: 1acf1a564b6034b5af1e7fb23cb98cb3bb4f6003

Linux

Version: 5.7

Show details on NVD website