CVE-2025-38206 — Double Free in Linux
Severity
7.8HIGHNVD
OSV5.6
EPSS
0.0%
top 92.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 4
Latest updateDec 3
Description
In the Linux kernel, the following vulnerability has been resolved:
exfat: fix double free in delayed_free
The double free could happen in the following path.
exfat_create_upcase_table()
exfat_create_upcase_table() : return error
exfat_free_upcase_table() : free ->vol_utbl
exfat_load_default_upcase_table : return error
exfat_kill_sb()
delayed_free()
exfat_free_upcase_table() vol_util as NULL after freeing it.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages4 packages
▶CVEListV5linux/linux1acf1a564b6034b5af1e7fb23cb98cb3bb4f6003 — 13d8de1b6568dcc31a95534ced16bc0c9a67bc15+4
Also affects: Debian Linux 11.0
Patches
🔴Vulnerability Details
18OSV▶
linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-lowlatency, linux-lowlate↗2025-12-03
📋Vendor Advisories
19💬Community
1Bugzilla▶
CVE-2025-38206 kernel: Kernel: Double free vulnerability in exFAT filesystem can lead to denial of service↗2025-07-04