Orange Kao

Researcher from Aiven
#33802 of 53,633
7.8 Total CVSS
Vulnerabilities · 1
PT-2024-37019
7.8
2024-11-04
Linux · Linux Kernel · CVE-2024-56708
**Name of the Vulnerable Software and Affected Versions**

Linux kernel (affected versions not specified)

**Description**

A segmentation fault issue has been resolved in the Linux kernel, specifically in the EDAC/igen6 module. The fault occurs during module unload due to a double free error. This happens because `mci->pvt_info` is not set to NULL, causing `kfree(mci->pvt_info)` to be called twice. The issue arises from the allocation of `igen6_pvt` with `kzalloc()` in `igen6_probe()` and the assignment of `mci->pvt_info` to point to `&igen6_pvt->imc[mc]` in `igen6_register_mci()`. During module removal, `kfree(mci->pvt_info)` is called in `mci_release()`, followed by `kfree(igen6_pvt)` in `igen6_remove()`.

**Recommendations**

To fix this issue, set `mci->pvt_info` to NULL to avoid the double free error. This can be achieved by modifying the `igen6_register_mci()` function to set `mci->pvt_info` to NULL before calling `kfree(mci->pvt_info)`. As a temporary workaround, consider disabling the `igen6_probe()` function until a patch is available. Restrict access to the `edac_mc.c` module to minimize the risk of exploitation. Avoid using the `mci->pvt_info` variable in the affected module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.