exploitDog

CVE-2025-37817

Опубликовано: 08 мая 2025

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

mcb: fix a double free bug in chameleon_parse_gdd()

In chameleon_parse_gdd(), if mcb_device_register() fails, 'mdev' would be released in mcb_device_register() via put_device(). Thus, goto 'err' label and free 'mdev' again causes a double free. Just return if mcb_device_register() fails.

Ссылки

https://git.kernel.org/stable/c/4ffe8c9fb561e4427dd1a3056cd5b3685b74f78d
Patch
https://git.kernel.org/stable/c/59f993cd36b6e28a394ba3d977e8ffe5c9884e3b
Patch
https://git.kernel.org/stable/c/7c7f1bfdb2249f854a736d9b79778c7e5a29a150
Patch
https://git.kernel.org/stable/c/96838eb1836fd372e42be5db84f0b333b65146a6
Patch
https://git.kernel.org/stable/c/bcc7d58ee5173e34306026bd01e1fbf75e169d37
Patch
https://git.kernel.org/stable/c/c5b8a549ef1fcc6066b037a3962c79d60465ba0b
Patch
https://git.kernel.org/stable/c/d70184958b0ea8c0fd52e2b456654b503e769fc8
Patch
https://git.kernel.org/stable/c/df1a5d5c6134224f9298e5189230f9d29ae50cac
Patch
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 3.15 (включая) до 5.4.293 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.5 (включая) до 5.10.237 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.11 (включая) до 5.15.181 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.16 (включая) до 6.1.136 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.2 (включая) до 6.6.89 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.7 (включая) до 6.12.26 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.13 (включая) до 6.14.5 (исключая)

cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.15:rc3:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 6%

0.00025

Низкий

7.8 High

CVSS3

Дефекты

CWE-415

Связанные уязвимости

CVE-2025-37817

CVSS3: 7.8

ubuntu

9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: mcb: fix a double free bug in chameleon_parse_gdd() In chameleon_parse_gdd(), if mcb_device_register() fails, 'mdev' would be released in mcb_device_register() via put_device(). Thus, goto 'err' label and free 'mdev' again causes a double free. Just return if mcb_device_register() fails.

CVE-2025-37817

CVSS3: 5.5

redhat

9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: mcb: fix a double free bug in chameleon_parse_gdd() In chameleon_parse_gdd(), if mcb_device_register() fails, 'mdev' would be released in mcb_device_register() via put_device(). Thus, goto 'err' label and free 'mdev' again causes a double free. Just return if mcb_device_register() fails.

CVE-2025-37817

CVSS3: 5.5

msrc

7 месяцев назад

mcb: fix a double free bug in chameleon_parse_gdd()

CVE-2025-37817

CVSS3: 7.8

debian

9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: m ...

GHSA-j5r6-fgq5-9wcx

CVSS3: 7.8

github

9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: mcb: fix a double free bug in chameleon_parse_gdd() In chameleon_parse_gdd(), if mcb_device_register() fails, 'mdev' would be released in mcb_device_register() via put_device(). Thus, goto 'err' label and free 'mdev' again causes a double free. Just return if mcb_device_register() fails.

EPSS

Процентиль: 6%

0.00025

Низкий

7.8 High

CVSS3

Дефекты

CWE-415