Acknowledged
Created: Jul 10, 2025
Updated: Jul 14, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]bus: fsl-mc: fix double-free on mc_dev[EOL][EOL]The blamed commit tried to simplify how the deallocations are done but,[EOL]in the process, introduced a double-free on the mc_dev variable.[EOL][EOL]In case the MC device is a DPRC, a new mc_bus is allocated and the[EOL]mc_dev variable is just a reference to one of its fields. In this[EOL]circumstance, on the error path only the mc_bus should be freed.[EOL][EOL]This commit introduces back the following checkpatch warning which is a[EOL]false-positive.[EOL][EOL]WARNING: kfree(NULL) is safe and this check is probably not required[EOL]+ if (mc_bus)[EOL]+ kfree(mc_bus);
CREATE(Triage):(User=admin) [CVE-2025-38313 (https://nvd.nist.gov/vuln/detail/CVE-2025-38313)
