DNA View

High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2025-39870

CVSS Score: 7.8 (High)
Published: Sep 23, 2025
Last Modified: Jan 20, 2026

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: idxd: Fix double free in idxd_setup_wqs()

The clean up in idxd_setup_wqs() has had a couple bugs because the error
handling is a bit subtle. It's simpler to just re-write it in a cleaner
way. The issues here are:

1) If "idxd->max_wqs" is <= 0 then we call put_device(conf_dev) when
"conf_dev" hasn't been initialized.
2) If kzalloc_node() fails then again "conf_dev" is invalid. It's
either uninitialized or it points to the "conf_dev" from the
previous iteration so it leads to a double free.

It's better to free partial loop iterations within the loop and then
the unwinding at the end can handle whole loop iterations. I also
renamed the labels to describe what the goto does and not where the goto
was located.
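
The unwinding rule from the commit message above, as an added user-space C model (not the kernel's idxd code and not part of the advisory). `struct wq`, `pool`, `get_wq()`, `put_wq()`, `fail_wq` and `fail_cfg` are hypothetical stand-ins, and releases are counted rather than freed twice so the flawed path can be observed safely.

```c
#include <stdlib.h>

#define MAX_WQS 4
struct wq { int refs, puts; void *cfg; };   /* models a wq plus its conf_dev refcount */
static struct wq pool[MAX_WQS];             /* static, so put counts stay inspectable */
static int fail_wq = -1, fail_cfg = -1;     /* iteration at which each step fails */

static void put_wq(struct wq *w) {          /* models put_device() */
    w->puts++;
    if (--w->refs == 0) { free(w->cfg); w->cfg = NULL; }
}
static struct wq *get_wq(int i) {           /* models kzalloc_node() + device_initialize() */
    if (i == fail_wq) return NULL;
    pool[i] = (struct wq){ .refs = 1 };
    return &pool[i];
}

/* Flawed shape: the shared error label puts a pointer left over from iteration i-1. */
static int setup_flawed(struct wq **wqs, int n) {
    struct wq *cur = NULL;                  /* NULL stands in for "uninitialised" */
    int i;
    for (i = 0; i < n; i++) {
        struct wq *w = get_wq(i);
        if (!w) goto err;
        wqs[i] = cur = w;
    }
    return 0;
err:
    if (cur) put_wq(cur);                   /* stale put of wqs[i-1] ... */
    while (--i >= 0) put_wq(wqs[i]);        /* ... which is then put a second time */
    return -1;
}

/* Corrected shape: undo the partial iteration in the loop, unwind only whole ones. */
static int setup_fixed(struct wq **wqs, int n) {
    int i;
    for (i = 0; i < n; i++) {
        struct wq *w = get_wq(i);
        if (!w) goto err_unwind;
        w->cfg = (i == fail_cfg) ? NULL : calloc(1, 32);
        if (!w->cfg) { put_wq(w); goto err_unwind; }
        wqs[i] = w;
    }
    return 0;
err_unwind:
    while (--i >= 0) put_wq(wqs[i]);
    return -1;
}
```

Set `fail_wq` or `fail_cfg` to an iteration index before calling either function, then read `pool[i].puts`: any value above 1 is a release that would be a double free in real code.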

CVSS Metrics

Common Vulnerability Scoring System

Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: L
Attack Complexity: L
Privileges Required: L
User Interaction: N
Scope: U
Confidentiality: H
Integrity: H
Availability: H

Known Affected Software

72 configuration(s) from 2 vendor(s)

debian_linux, Version: 11.0, CPE: cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
linux_kernel, Version: 6.1.150, CPE: cpe:2.3:o:linux:linux_kernel:6.1.150:*:*:*:*:*:*:*
linux_kernel, Version: 6.15.1, CPE: cpe:2.3:o:linux:linux_kernel:6.15.1:*:*:*:*:*:*:*
linux_kernel, Version: 6.6.94, CPE: cpe:2.3:o:linux:linux_kernel:6.6.94:*:*:*:*:*:*:*
linux_kernel, Version: 6.1.148, CPE: cpe:2.3:o:linux:linux_kernel:6.1.148:*:*:*:*:*:*:*
linux_kernel, Version: 6.12.38, CPE: cpe:2.3:o:linux:linux_kernel:6.12.38:*:*:*:*:*:*:*
linux_kernel, Version: 6.14.10, CPE: cpe:2.3:o:linux:linux_kernel:6.14.10:*:*:*:*:*:*:*
linux_kernel, Version: 6.1.149, CPE: cpe:2.3:o:linux:linux_kernel:6.1.149:*:*:*:*:*:*:*
linux_kernel, Version: 6.6.97, CPE: cpe:2.3:o:linux:linux_kernel:6.6.97:*:*:*:*:*:*:*
linux_kernel, Version: 6.15.8, CPE: cpe:2.3:o:linux:linux_kernel:6.15.8:*:*:*:*:*:*:*
linux_kernel, Version: 6.12.35, CPE: cpe:2.3:o:linux:linux_kernel:6.12.35:*:*:*:*:*:*:*
linux_kernel, Version: 6.15.4, CPE: cpe:2.3:o:linux:linux_kernel:6.15.4:*:*:*:*:*:*:*
linux_kernel, Version: 6.15.10, CPE: cpe:2.3:o:linux:linux_kernel:6.15.10:*:*:*:*:*:*:*
linux_kernel, Version: 6.15.2, CPE: cpe:2.3:o:linux:linux_kernel:6.15.2:*:*:*:*:*:*:*
linux_kernel, Version: 6.1.144, CPE: cpe:2.3:o:linux:linux_kernel:6.1.144:*:*:*:*:*:*:*
linux_kernel, Version: 6.6.92, CPE: cpe:2.3:o:linux:linux_kernel:6.6.92:*:*:*:*:*:*:*
linux_kernel, Version: 6.6.106, CPE: cpe:2.3:o:linux:linux_kernel:6.6.106:*:*:*:*:*:*:*
linux_kernel, Version: 6.1.143, CPE: cpe:2.3:o:linux:linux_kernel:6.1.143:*:*:*:*:*:*:*
linux_kernel, Version: 6.15, CPE: cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*
linux_kernel, Version: 6.6.103, CPE: cpe:2.3:o:linux:linux_kernel:6.6.103:*:*:*:*:*:*:*
linux_kernel, Version: 6.14.11, CPE: cpe:2.3:o:linux:linux_kernel:6.14.11:*:*:*:*:*:*:*
linux_kernel, Version: 6.12.39, CPE: cpe:2.3:o:linux:linux_kernel:6.12.39:*:*:*:*:*:*:*
linux_kernel, Version: 6.6.98, CPE: cpe:2.3:o:linux:linux_kernel:6.6.98:*:*:*:*:*:*:*
linux_kernel, Version: 6.12.44, CPE: cpe:2.3:o:linux:linux_kernel:6.12.44:*:*:*:*:*:*:*
linux_kernel, Version: 6.6.95, CPE: cpe:2.3:o:linux:linux_kernel:6.6.95:*:*:*:*:*:*:*
linux_kernel, Version: 6.12.32, CPE: cpe:2.3:o:linux:linux_kernel:6.12.32:*:*:*:*:*:*:*
linux_kernel, Version: 6.14.8, CPE: cpe:2.3:o:linux:linux_kernel:6.14.8:*:*:*:*:*:*:*
linux_kernel, Version: 6.12.47, CPE: cpe:2.3:o:linux:linux_kernel:6.12.47:*:*:*:*:*:*:*
linux_kernel, Version: 6.16.7, CPE: cpe:2.3:o:linux:linux_kernel:6.16.7:*:*:*:*:*:*:*
linux_kernel, Version: 6.6.101, CPE: cpe:2.3:o:linux:linux_kernel:6.6.101:*:*:*:*:*:*:*
linux_kernel, Version: 6.6.102, CPE: cpe:2.3:o:linux:linux_kernel:6.6.102:*:*:*:*:*:*:*
linux_kernel, Version: 6.6.105, CPE: cpe:2.3:o:linux:linux_kernel:6.6.105:*:*:*:*:*:*:*
linux_kernel, Version: 6.16.2, CPE: cpe:2.3:o:linux:linux_kernel:6.16.2:*:*:*:*:*:*:*
linux_kernel, Version: 6.12.30, CPE: cpe:2.3:o:linux:linux_kernel:6.12.30:*:*:*:*:*:*:*
linux_kernel, Version: 6.15.9, CPE: cpe:2.3:o:linux:linux_kernel:6.15.9:*:*:*:*:*:*:*
linux_kernel, Version: 6.15.11, CPE: cpe:2.3:o:linux:linux_kernel:6.15.11:*:*:*:*:*:*:*
linux_kernel, Version: 6.16.5, CPE: cpe:2.3:o:linux:linux_kernel:6.16.5:*:*:*:*:*:*:*
linux_kernel, Version: 6.12.33, CPE: cpe:2.3:o:linux:linux_kernel:6.12.33:*:*:*:*:*:*:*
linux_kernel, Version: 6.1.147, CPE: cpe:2.3:o:linux:linux_kernel:6.1.147:*:*:*:*:*:*:*
linux_kernel, Version: 6.12.34, CPE: cpe:2.3:o:linux:linux_kernel:6.12.34:*:*:*:*:*:*:*
linux_kernel, Version: 6.15.6, CPE: cpe:2.3:o:linux:linux_kernel:6.15.6:*:*:*:*:*:*:*
linux_kernel, Version: 6.16.1, CPE: cpe:2.3:o:linux:linux_kernel:6.16.1:*:*:*:*:*:*:*
linux_kernel, Version: 6.6.100, CPE: cpe:2.3:o:linux:linux_kernel:6.6.100:*:*:*:*:*:*:*
linux_kernel, Version: 6.12.42, CPE: cpe:2.3:o:linux:linux_kernel:6.12.42:*:*:*:*:*:*:*
linux_kernel, Version: 6.6.96, CPE: cpe:2.3:o:linux:linux_kernel:6.6.96:*:*:*:*:*:*:*
linux_kernel, Version: 6.12.46, CPE: cpe:2.3:o:linux:linux_kernel:6.12.46:*:*:*:*:*:*:*
linux_kernel, Version: 6.12.37, CPE: cpe:2.3:o:linux:linux_kernel:6.12.37:*:*:*:*:*:*:*
linux_kernel, Version: 6.6.93, CPE: cpe:2.3:o:linux:linux_kernel:6.6.93:*:*:*:*:*:*:*
linux_kernel, Version: 6.1.146, CPE: cpe:2.3:o:linux:linux_kernel:6.1.146:*:*:*:*:*:*:*
linux_kernel, Version: 6.16.3, CPE: cpe:2.3:o:linux:linux_kernel:6.16.3:*:*:*:*:*:*:*
linux_kernel, Version: 6.12.36, CPE: cpe:2.3:o:linux:linux_kernel:6.12.36:*:*:*:*:*:*:*
linux_kernel, Version: 6.17, CPE: cpe:2.3:o:linux:linux_kernel:6.17:-:*:*:*:*:*:*
linux_kernel, Version: 6.15.7, CPE: cpe:2.3:o:linux:linux_kernel:6.15.7:*:*:*:*:*:*:*
linux_kernel, Version: 6.12.31, CPE: cpe:2.3:o:linux:linux_kernel:6.12.31:*:*:*:*:*:*:*
linux_kernel, Version: 6.12.45, CPE: cpe:2.3:o:linux:linux_kernel:6.12.45:*:*:*:*:*:*:*
linux_kernel, Version: 6.16, CPE: cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*
linux_kernel, Version: 6.1.145, CPE: cpe:2.3:o:linux:linux_kernel:6.1.145:*:*:*:*:*:*:*
linux_kernel, Version: 6.12.43, CPE: cpe:2.3:o:linux:linux_kernel:6.12.43:*:*:*:*:*:*:*
linux_kernel, Version: 6.12.40, CPE: cpe:2.3:o:linux:linux_kernel:6.12.40:*:*:*:*:*:*:*
linux_kernel, Version: 6.6.104, CPE: cpe:2.3:o:linux:linux_kernel:6.6.104:*:*:*:*:*:*:*
linux_kernel, Version: 6.16.4, CPE: cpe:2.3:o:linux:linux_kernel:6.16.4:*:*:*:*:*:*:*
linux_kernel, Version: 6.12.41, CPE: cpe:2.3:o:linux:linux_kernel:6.12.41:*:*:*:*:*:*:*
linux_kernel, Version: 6.1.141, CPE: cpe:2.3:o:linux:linux_kernel:6.1.141:*:*:*:*:*:*:*
linux_kernel, Version: 6.1.142, CPE: cpe:2.3:o:linux:linux_kernel:6.1.142:*:*:*:*:*:*:*
linux_kernel, Version: 6.14.9, CPE: cpe:2.3:o:linux:linux_kernel:6.14.9:*:*:*:*:*:*:*
linux_kernel, Version: 6.1.152, CPE: cpe:2.3:o:linux:linux_kernel:6.1.152:*:*:*:*:*:*:*
linux_kernel, Version: 6.15.5, CPE: cpe:2.3:o:linux:linux_kernel:6.15.5:*:*:*:*:*:*:*
linux_kernel, Version: 6.6.99, CPE: cpe:2.3:o:linux:linux_kernel:6.6.99:*:*:*:*:*:*:*
linux_kernel, Version: 6.16.6, CPE: cpe:2.3:o:linux:linux_kernel:6.16.6:*:*:*:*:*:*:*
linux_kernel, Version: 6.1.151, CPE: cpe:2.3:o:linux:linux_kernel:6.1.151:*:*:*:*:*:*:*
linux_kernel, Version: 6.15.3, CPE: cpe:2.3:o:linux:linux_kernel:6.15.3:*:*:*:*:*:*:*
linux_kernel, Version: 6.1.140, CPE: cpe:2.3:o:linux:linux_kernel:6.1.140:*:*:*:*:*:*:*

This vulnerability affects 72 software configuration(s). Ensure you patch all affected systems.

Available Security Patches

10 patches available from vendors

Canonical (Ubuntu), USN-8261-1: Linux kernel (Xilinx) vulnerabilities. Severity: Unknown. Released: May 07, 2026. Restart Required. Security Update.
Canonical (Ubuntu), USN-8165-1: Linux kernel (Azure FIPS) vulnerabilities. Severity: Unknown. Released: Apr 09, 2026. Restart Required. Security Update.
Canonical (Ubuntu), USN-8095-5: Linux kernel (Raspberry Pi) vulnerabilities. Severity: Unknown. Released: Apr 01, 2026. Restart Required. Security Update.
Canonical (Ubuntu), USN-8126-1: Linux kernel (Azure) vulnerabilities. Severity: Unknown. Released: Mar 25, 2026. Restart Required. Security Update.
Canonical (Ubuntu), USN-8125-1: Linux kernel (Azure) vulnerabilities. Severity: Unknown. Released: Mar 25, 2026. Restart Required. Security Update.
Canonical (Ubuntu), USN-8095-4: Linux kernel (AWS) vulnerabilities. Severity: Unknown. Released: Mar 23, 2026. Restart Required. Security Update.
Canonical (Ubuntu), USN-8095-3: Linux kernel (Real-time) vulnerabilities. Severity: Unknown. Released: Mar 17, 2026. Restart Required. Security Update.
Canonical (Ubuntu), USN-8095-2: Linux kernel (FIPS) vulnerabilities. Severity: Unknown. Released: Mar 16, 2026. Restart Required. Security Update.
Canonical (Ubuntu), USN-8100-1: Linux kernel (NVIDIA) vulnerabilities. Severity: Unknown. Released: Mar 16, 2026. Restart Required. Security Update.
Canonical (Ubuntu), USN-8095-1: Linux kernel vulnerabilities. Severity: Unknown. Released: Mar 16, 2026. Restart Required. Security Update.

Severity Details

7.8 out of 10.0 (High)

Weakness Type (CWE)

CWE-415: Double Free

Description: The product calls free() twice on the same memory address.
Exploit Likelihood: High
Typical Severity: Medium
Abstraction Level: Variant

Key Information

Published Date: September 23, 2025