CVE-2025-38682

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A double-free vulnerability exists in the i2c core, specifically within the i2c unregister device() function. This issue occurs when an i2c client has a software fwnode as its primary node. The fwnode handle put() function is called on the software node twice, once directly and again within device remove software node(), leading to a use-after-free condition and potential system instability. The vulnerability was addressed by preventing the call to fwnode handle put() when the primary fwnode is a software node.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.