Wind River Support Network

Acknowledged

LIN1023-15444 : Security Advisory - linux - CVE-2025-39870

Created: Sep 23, 2025    Updated: Sep 25, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: idxd: Fix double free in idxd_setup_wqs()

The clean up in idxd_setup_wqs() has had a couple bugs because the error handling is a bit subtle. It's simpler to just re-write it in a cleaner way. The issues here are:

1) If "idxd->max_wqs" is <= 0 then we call put_device(conf_dev) when "conf_dev" hasn't been initialized.
2) If kzalloc_node() fails then again "conf_dev" is invalid. It's either uninitialized or it points to the "conf_dev" from the previous iteration so it leads to a double free.

It's better to free partial loop iterations within the loop and then the unwinding at the end can handle whole loop iterations. I also renamed the labels to describe what the goto does and not where the goto was located.
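
The cleanup shape the commit message recommends, as an added user-space example in C (not the kernel patch and not Wind River's code): a partially built object is freed inside the loop, and the final unwind releases only fully built iterations. `struct wq`, `xalloc`, `xfree`, `wq_release`, `setup_wqs` and the fault-injection counters are hypothetical names, and plain `free()` stands in for the kernel's `put_device()`.

```c
#include <stdlib.h>

/* Hypothetical user-space stand-in for a work queue; not the idxd structures. */
struct wq { int id; void *bitmap; };

/* Constructed fault injection: attempt number fail_at returns NULL. */
static int live_objs, alloc_count, fail_at = -1;

static void *xalloc(size_t n)
{
    void *p = (alloc_count++ == fail_at) ? NULL : calloc(1, n);
    if (p) live_objs++;
    return p;
}
static void xfree(void *p) { if (p) { live_objs--; free(p); } }
static void wq_release(struct wq *wq) { xfree(wq->bitmap); xfree(wq); }

/* Returns 0 on success; on failure returns -1 with nothing left allocated. */
int setup_wqs(struct wq ***out, int max_wqs)
{
    struct wq **wqs, *wq;
    int i;

    if (max_wqs <= 0)
        return -1;              /* nothing allocated yet: no cleanup label */
    wqs = xalloc(max_wqs * sizeof(*wqs));
    if (!wqs)
        return -1;
    for (i = 0; i < max_wqs; i++) {
        wq = xalloc(sizeof(*wq));
        if (!wq)
            goto err_unwind;    /* iteration i owns nothing */
        wq->id = i;
        wq->bitmap = xalloc(64);
        if (!wq->bitmap) {
            xfree(wq);          /* partial iteration is freed inside the loop */
            goto err_unwind;
        }
        wqs[i] = wq;            /* stored only once fully built */
    }
    *out = wqs;
    return 0;

err_unwind:
    while (--i >= 0)            /* whole iterations 0..i-1 only */
        wq_release(wqs[i]);
    xfree(wqs);
    return -1;
}
```

Because the error label never touches the loop's scratch pointer, a stale pointer from the previous iteration cannot be released a second time, and the early `max_wqs <= 0` return has nothing uninitialized to release.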