PT-2025-20346 · Linux+5 · Linux Kernel+5

Published

2025-04-15

Updated

2026-05-26

CVE-2025-37817

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A double free bug has been identified in the chameleon parse gdd() function. When mcb device register() fails, the mdev device is released via put device(). However, if the function then proceeds to the 'err' label, it attempts to free mdev again, resulting in a double free. To fix this issue, the function now returns immediately if mcb device register() fails.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

BDU:2025-12062

CVE-2025-37817

DLA-4178-1

DLA-4193-1

ECHO-4CD8-165F-F438

MGASA-2025-0182

MGASA-2025-0183

OESA-2025-1878

OESA-2025-1879

OESA-2025-1880

USN-7594-1

USN-7594-2

USN-7594-3

USN-7654-1

USN-7654-2

USN-7654-3

USN-7654-4

USN-7654-5

USN-7655-1

USN-7686-1

USN-7711-1

USN-7712-1

USN-7712-2

USN-8028-1

USN-8028-2

USN-8028-3

USN-8028-4

USN-8028-5

USN-8028-6

USN-8028-7

USN-8028-8

USN-8031-1

USN-8031-2

USN-8031-3

USN-8052-1

USN-8052-2

USN-8074-1

USN-8074-2

USN-8126-1

Affected Products

Astra Linux

Debian

Linuxmint

Linux Kernel

Red Os

Ubuntu

PT-2025-20346 · Linux+5 · Linux Kernel+5

CVE-2025-37817

Weakness Enumeration

Related Identifiers

Affected Products

References · 1598