Wind River Support Network

HomeDefectsLIN1023-12902

Fixed

LIN1023-12902 : Security Advisory - linux - CVE-2025-37817

Created: May 9, 2025 Updated: May 28, 2025

Resolved Date: May 25, 2025

Found In Version: 10.23.30.1

Fix Version: 10.23.30.17

Severity: Standard

Applicable for: Wind River Linux LTS 23

Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

mcb: fix a double free bug in chameleon_parse_gdd()

In chameleon_parse_gdd(), if mcb_device_register() fails, 'mdev'
would be released in mcb_device_register() via put_device().
Thus, goto 'err' label and free 'mdev' again causes a double free.
Just return if mcb_device_register() fails.

CVEs

CVE-2025-37817