CVE-2025-68172

Linux Kernel 6.3-6.6.116, 6.7-6.12.57, 6.13-6.17.7 - Use-After-Free in ASPEED Crypto Driver Clock Management

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: aspeed - fix double free caused by devm The clock obtained via devm_clk_get_enabled() is automatically managed by devres and will be disabled and freed on driver detach. Manually calling clk_disable_unprepare() in error path and remove function causes double free. Remove the manual clock cleanup in both aspeed_acry_probe()'s error path and aspeed_acry_remove().

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/0dd6474ced33489076e6c0f3fe5077bf12e85b28

Patch

https://git.kernel.org/stable/c/29d0504077044a7e1ffbd09a6118018d5954a6e5

Patch

https://git.kernel.org/stable/c/e8407dfd267018f4647ffb061a9bd4a6d7ebacc6

Patch

https://git.kernel.org/stable/c/3c9bf72cc1ced1297b235f9422d62b613a3fdae9

Scores

EPSS 0.0003

EPSS Percentile 8.4%

Details

Status published

Products (13)

linux/Kernel 6.13.0 - 6.17.8linux

linux/Kernel 6.3.0 - 6.6.117linux

linux/Kernel 6.7.0 - 6.12.58linux

Linux/Linux < 6.3

Linux/Linux 2f1cf4e50c956f882c9fc209c7cded832b67b8a3 - 0dd6474ced33489076e6c0f3fe5077bf12e85b28

Linux/Linux 2f1cf4e50c956f882c9fc209c7cded832b67b8a3 - 29d0504077044a7e1ffbd09a6118018d5954a6e5

Linux/Linux 2f1cf4e50c956f882c9fc209c7cded832b67b8a3 - 3c9bf72cc1ced1297b235f9422d62b613a3fdae9

Linux/Linux 2f1cf4e50c956f882c9fc209c7cded832b67b8a3 - e8407dfd267018f4647ffb061a9bd4a6d7ebacc6

Linux/Linux 6.12.58 - 6.12.*

Linux/Linux 6.17.8 - 6.17.*

... and 3 more

Published Dec 16, 2025

Tracked Since Feb 18, 2026