PT-2025-25843 · Linux+4 · Linux Kernel+4

Kwilczynski

Published

2025-03-08

Updated

2026-05-26

CVE-2025-38069

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A double free issue in the Linux kernel has been resolved. The issue occurred during the initialization of the Endpoint driver, specifically when handling the PERST# deassertion. The pci epf test alloc space() function allocates all BARs, which are freed if epc set bar() fails. However, the error path did not clear the previous assignment to epf test->reg[bar], leading to a double free situation when the host reboots and the BAR allocation sequence restarts. The fix ensures that pci epf alloc space() and pci epf free space() invocations are symmetric, and sets epf test->reg[bar] to NULL when memory is freed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

BDU:2026-02239

CVE-2025-38069

ECHO-F25A-CC8C-3737

USN-7769-1

USN-7769-2

USN-7769-3

USN-7770-1

USN-7771-1

USN-7789-1

USN-7789-2

Affected Products

Astra Linux

Debian

Linuxmint

Linux Kernel

Ubuntu

PT-2025-25843 · Linux+4 · Linux Kernel+4

CVE-2025-38069

Weakness Enumeration

Related Identifiers

Affected Products

References · 224