CVE-2025-39870

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel’s dmaengine subsystem, specifically within the idxd setup wqs() function. The issue involves a potential double free condition during cleanup operations. This can occur if idxd->max wqs is less than or equal to zero, leading to a call to put device(conf dev) before conf dev is initialized. Additionally, a double free can happen if memory allocation via kzalloc node() fails, resulting in conf dev being invalid or pointing to a previously freed device. The issue is addressed by restructuring the cleanup process to free partial loop iterations within the loop itself, simplifying error handling and improving code clarity.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Double Free

Access of Uninitialized Pointer

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415CWE-824

Related Identifiers

BDU:2025-13893

CVE-2025-39870

DLA-4328-1

ECHO-60A1-7798-247D

MGASA-2025-0309

MGASA-2025-0310

OPENSUSE-SU-2025:20081-1

SUSE-SU-2025:03600-1

SUSE-SU-2025:03634-1

SUSE-SU-2025:20851-1

SUSE-SU-2025:20861-1

SUSE-SU-2025:20870-1

SUSE-SU-2025:20898-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

SUSE-SU-2025:3751-1

SUSE-SU-2025:4057-1

SUSE-SU-2025:4132-1

SUSE-SU-2025:4141-1

USN-8095-1

USN-8095-2

USN-8095-3

USN-8095-4

USN-8095-5

USN-8100-1

USN-8125-1

USN-8126-1

USN-8165-1

USN-8261-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Suse

Ubuntu

CVE-2025-39870

Weakness Enumeration

Related Identifiers

Affected Products

References · 3524