CVE-2025-37817

Severity: HIGH · CVSS 3.1: 7.8 · EPSS: 6.8%
Published May 8, 2025 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

mcb: fix a double free bug in chameleon_parse_gdd()

In chameleon_parse_gdd(), if mcb_device_register() fails, 'mdev' would be released in mcb_device_register() via put_device(). Thus, goto 'err' label and free 'mdev' again causes a double free. Just return if mcb_device_register() fails.
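
The ownership rule behind this bug, as an added example that is not the kernel's code or the patch: a userspace C model in which every name (model_dev, model_register, parse_buggy, parse_fixed, count_frees) is hypothetical and a counter stands in for the real free, so the double free is counted rather than executed.

```c
#include <stdio.h>

/* Userspace model, constructed for illustration; not kernel source.
 * free_count stands in for the real free, so a double free is counted
 * instead of executed. */
struct model_dev { int refcount; int free_count; };

static void model_put_device(struct model_dev *d)
{
    if (--d->refcount == 0)
        d->free_count++;        /* release callback would free here */
}

/* Like the register call in the description: on failure it drops the
 * reference itself, so the caller no longer owns the object. */
static int model_register(struct model_dev *d, int fail)
{
    if (!fail)
        return 0;
    model_put_device(d);
    return -1;
}

/* Pre-fix shape: a failed register jumps to err, which frees again. */
static int parse_buggy(struct model_dev *d, int fail)
{
    int ret = model_register(d, fail);
    if (ret < 0)
        goto err;
    return 0;
err:
    d->free_count++;            /* second free of the same object */
    return ret;
}

/* Post-fix shape: just return; the callee already released the object. */
static int parse_fixed(struct model_dev *d, int fail)
{
    return model_register(d, fail);
}

/* Runs one parse path on a fresh object and reports how often it was freed. */
static int count_frees(int (*parse)(struct model_dev *, int), int fail)
{
    struct model_dev d = { 1, 0 };   /* one reference, held by the caller */
    parse(&d, fail);
    return d.free_count;
}

int main(void)
{
    printf("register fails: buggy=%d frees, fixed=%d frees\n",
           count_frees(parse_buggy, 1), count_frees(parse_fixed, 1));
    return 0;
}
```

When reviewing similar error paths, the question to ask of each failing callee is whether it has already dropped the caller's reference; if it has, a shared cleanup label must not be reached from that failure.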

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
6.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-415

Affected Products 11

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥3.15 – <5.4.293
linux    linux_kernel   *         ≥5.5 – <5.10.237
linux    linux_kernel   *         ≥5.11 – <5.15.181
linux    linux_kernel   *         ≥5.16 – <6.1.136
linux    linux_kernel   *         ≥6.2 – <6.6.89
linux    linux_kernel   *         ≥6.7 – <6.12.26
linux    linux_kernel   *         ≥6.13 – <6.14.5
linux    linux_kernel   6.15      any
linux    linux_kernel   6.15      any
linux    linux_kernel   6.15      any
debian   debian_linux   11.0      any

References 10

  • git.kernel.org https://git.kernel.org/stable/c/4ffe8c9fb561e4427dd1a3056cd5b3685b74f78d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/59f993cd36b6e28a394ba3d977e8ffe5c9884e3b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7c7f1bfdb2249f854a736d9b79778c7e5a29a150
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/96838eb1836fd372e42be5db84f0b333b65146a6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bcc7d58ee5173e34306026bd01e1fbf75e169d37
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c5b8a549ef1fcc6066b037a3962c79d60465ba0b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d70184958b0ea8c0fd52e2b456654b503e769fc8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/df1a5d5c6134224f9298e5189230f9d29ae50cac
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
    Mailing List, Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
    Mailing List, Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/4ffe8c9fb561e4427dd1a3056cd5b3685b74f78d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/59f993cd36b6e28a394ba3d977e8ffe5c9884e3b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7c7f1bfdb2249f854a736d9b79778c7e5a29a150
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/96838eb1836fd372e42be5db84f0b333b65146a6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bcc7d58ee5173e34306026bd01e1fbf75e169d37
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c5b8a549ef1fcc6066b037a3962c79d60465ba0b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d70184958b0ea8c0fd52e2b456654b503e769fc8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/df1a5d5c6134224f9298e5189230f9d29ae50cac
    Patch