CVE-2025-40062Double Free in Linux

32 documents6 sources
Severity
3.2LOWOSV
No vector
EPSS
0.0%
top 87.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedOct 28
Latest updateApr 9

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs When the initialization of qm->debug.acc_diff_reg fails, the probe process does not exit. However, after qm->debug.qm_diff_regs is freed, it is not set to NULL. This can lead to a double free when the remove process attempts to free it again. Therefore, qm->debug.qm_diff_regs should be set to NULL after it is freed.

Affected Packages6 packages

Linuxlinux/linux_kernel6.2.06.6.112+3
Debianlinux/linux_kernel< 6.1.158-1+2
Ubuntulinux/linux_kernel< 6.8.0-106.106+1
CVEListV5linux/linuxeda60520cfe3aba9f088c68ebd5bcbca9fc6ac3ca7836260d5121949ba734e840d42a86ab4a32fcc+6
debiandebian/linux< linux 6.1.158-1 (bookworm)

🔴Vulnerability Details

16
OSV
linux-raspi, linux-raspi-realtime vulnerabilities2026-04-01
OSV
linux-azure-6.8 vulnerabilities2026-03-25
OSV
linux-azure vulnerabilities2026-03-25
OSV
linux-aws-6.8 vulnerabilities2026-03-23
OSV
linux-realtime, linux-realtime-6.8 vulnerabilities2026-03-17

📋Vendor Advisories

15
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2026-04-01
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (AWS) vulnerabilities2026-03-23