CVE-2025-68754

Linux Kernel 6.13-6.17.12, 6.18.0-6.18.1 - Use-After-Free in RTC Amlogic-A4 Driver

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: rtc: amlogic-a4: fix double free caused by devm The clock obtained via devm_clk_get_enabled() is automatically managed by devres and will be disabled and freed on driver detach. Manually calling clk_disable_unprepare() in error path and remove function causes double free. Remove the redundant clk_disable_unprepare() calls from the probe error path and aml_rtc_remove(), allowing the devm framework to automatically manage the clock lifecycle.

References (3)

Core 3

Core References

Patch

https://git.kernel.org/stable/c/9fed02c16488050cd4e33e045506336b216d7301

Patch

https://git.kernel.org/stable/c/2e1c79299036614ac32b251d145fad5391f4bcab

Patch

https://git.kernel.org/stable/c/384150d7a5b60c1086790a8ee07b0629f906cca2

Scores

EPSS 0.0003

EPSS Percentile 9.7%

Details

Status published

Products (10)

linux/Kernel 6.13.0 - 6.17.13linux

linux/Kernel 6.18.0 - 6.18.2linux

Linux/Linux < 6.13

Linux/Linux 6.13

Linux/Linux 6.17.13 - 6.17.*

Linux/Linux 6.18.2 - 6.18.*

Linux/Linux 6.19

Linux/Linux c89ac9182ee297597f1c6971045382bae19c3f9d - 2e1c79299036614ac32b251d145fad5391f4bcab

Linux/Linux c89ac9182ee297597f1c6971045382bae19c3f9d - 384150d7a5b60c1086790a8ee07b0629f906cca2

Linux/Linux c89ac9182ee297597f1c6971045382bae19c3f9d - 9fed02c16488050cd4e33e045506336b216d7301

Published Jan 05, 2026

Tracked Since Feb 18, 2026