CVE-2025-39870

HIGH

Linux kernel - Buffer Overflow

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix double free in idxd_setup_wqs() The clean up in idxd_setup_wqs() has had a couple bugs because the error handling is a bit subtle. It's simpler to just re-write it in a cleaner way. The issues here are: 1) If "idxd->max_wqs" is <= 0 then we call put_device(conf_dev) when "conf_dev" hasn't been initialized. 2) If kzalloc_node() fails then again "conf_dev" is invalid. It's either uninitialized or it points to the "conf_dev" from the previous iteration so it leads to a double free. It's better to free partial loop iterations within the loop and then the unwinding at the end can handle whole loop iterations. I also renamed the labels to describe what the goto does and not where the goto was located.

References (6)

Scores

CVSS v3 7.8
EPSS 0.0002
EPSS Percentile 4.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-415
Status published
Products (8)
debian/debian_linux 11.0
linux/Kernel < 6.1.153linux
linux/Kernel 6.13.0 - 6.16.8linux
linux/Kernel 6.2.0 - 6.6.107linux
linux/Kernel 6.7.0 - 6.12.48linux
linux/linux_kernel 6.15 (2 CPE variants)
linux/linux_kernel 6.17 rc1 (5 CPE variants)
linux/linux_kernel 6.1.140 - 6.1.153
Published Sep 23, 2025
Tracked Since Feb 18, 2026