cbcvebase.
CVE-2025-38206
published 2025-07-04

CVE-2025-38206: In the Linux kernel, the following vulnerability has been resolved: exfat: fix double free in delayed_free The double free could happen in the following path…

high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
In the Linux kernel, the following vulnerability has been resolved: exfat: fix double free in delayed_free The double free could happen in the following path. exfat_create_upcase_table() exfat_create_upcase_table() : return error exfat_free_upcase_table() : free ->vol_utbl exfat_load_default_upcase_table : return error exfat_kill_sb() delayed_free() exfat_free_upcase_table() vol_util as NULL after freeing it.

Affected

16 ranges
VendorProductVersion rangeFixed in
debiandebian_linux
debianlinux< linux 5.10.244-1 (bullseye)linux 5.10.244-1 (bullseye)
linuxlinux
linuxlinux>= 1acf1a564b6034b5af1e7fb23cb98cb3bb4f6003 < 13d8de1b6568dcc31a95534ced16bc0c9a67bc1513d8de1b6568dcc31a95534ced16bc0c9a67bc15
linuxlinux>= 1acf1a564b6034b5af1e7fb23cb98cb3bb4f6003 < 66e84439ec2af776ce749e8540f8fdd25777415266e84439ec2af776ce749e8540f8fdd257774152
linuxlinux>= 1acf1a564b6034b5af1e7fb23cb98cb3bb4f6003 < d3cef0e7a5c1aa6217c51faa9ce8ecac35d6e1fdd3cef0e7a5c1aa6217c51faa9ce8ecac35d6e1fd
linuxlinux>= 1acf1a564b6034b5af1e7fb23cb98cb3bb4f6003 < 1f3d9724e16d62c7d42c67d6613b8512f2887c221f3d9724e16d62c7d42c67d6613b8512f2887c22
linuxlinux_kernel>= 0 < 5.10.244-15.10.244-1
linuxlinux_kernel>= 0 < 6.16.3-16.16.3-1
linuxlinux_kernel>= 0 < 5.15.0-156.1665.15.0-156.166
linuxlinux_kernel>= 5.11 < 5.15.1865.15.186
linuxlinux_kernel>= 5.16 < 6.15.46.15.4
linuxlinux_kernel>= 5.7 < 5.10.2395.10.239
msrcazl3_kernel_6.6.96.1-1_on_azure_linux_3.0
msrccbl2_kernel_5.10.78.1-1_on_cbl_mariner_2.0
msrccm1_kernel_5.10.60.1-1_on_cbl_mariner_1.0

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH