CVE-2025-38699
Published: Sep 4, 2025
Modified: May 12, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

scsi: bfa: Double-free fix

When the bfad_im_probe() function fails during initialization, the memory pointed to by bfad->im is freed without setting bfad->im to NULL. Subsequently, during driver uninstallation, when the state machine enters the bfad_sm_stopping state and calls the bfad_im_probe_undo() function, it attempts to free the memory pointed to by bfad->im again, thereby triggering a double-free vulnerability.

Set bfad->im to NULL if probing fails.
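A userspace C model of the lifecycle described above, added here as an illustration and not taken from the bfa driver source. The names `struct adapter`, `im_probe`, `im_probe_undo`, `model_alloc` and `model_free` are hypothetical, and a static slot with a `live` flag stands in for the kernel allocator so that a repeated free is counted rather than executed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model types; not the driver's real structures. */
struct im_ctx { int live; };
struct adapter { struct im_ctx *im; };

static struct im_ctx slot;   /* one static slot stands in for the heap */
static int double_frees;     /* frees of an object that is already freed */

static struct im_ctx *model_alloc(void) { slot.live = 1; return &slot; }

/* Stand-in for kfree(): NULL is a no-op, a repeat free is recorded. */
static void model_free(struct im_ctx *p)
{
    if (!p)
        return;
    if (!p->live) {
        double_frees++;
        return;
    }
    p->live = 0;
}

/* Probe that allocates, hits a constructed failure, and frees on the error path. */
static int im_probe(struct adapter *ad, int clear_on_fail)
{
    ad->im = model_alloc();
    model_free(ad->im);      /* error path releases the allocation */
    if (clear_on_fail)
        ad->im = NULL;       /* the fix: do not leave a dangling pointer */
    return -1;
}

/* Teardown reached later from the stopping state (assumed NULL-safe). */
static void im_probe_undo(struct adapter *ad)
{
    model_free(ad->im);
    ad->im = NULL;
}

/* Failed probe followed by teardown; returns the number of double frees. */
int run_lifecycle(int clear_on_fail)
{
    struct adapter ad = { NULL };
    double_frees = 0;
    im_probe(&ad, clear_on_fail);
    im_probe_undo(&ad);
    return double_frees;
}

int main(void)
{
    printf("without fix: %d double free(s)\n", run_lifecycle(0));
    printf("with fix:    %d double free(s)\n", run_lifecycle(1));
    return 0;
}
```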
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected 7725ccfda59715ecf8f99e3b520a0b84cc2ea79e - < 684c92bb08a25ed3c0356bc7eb532ed5b19588dd; affected 7725ccfda59715ecf8f99e3b520a0b84cc2ea79e - < 9337c2affbaebe00b75fdf84ea0e2fcf93c140af; affected 7725ccfda59715ecf8f99e3b520a0b84cc2ea79e - < ba024d92564580bb90ec367248ace8efe16ce815; affected 7725ccfda59715ecf8f99e3b520a0b84cc2ea79e - < 8e03dd9fadf76db5b9799583074a1a2a54f787f1; affected 7725ccfda59715ecf8f99e3b520a0b84cc2ea79e - < 39cfe2c83146aad956318f866d0ee471b7a61fa5; +4 more versions |
| Linux | Linux | affected 2.6.32; unaffected 0 - < 2.6.32; unaffected 5.4.297 - <= 5.4.*; unaffected 5.10.241 - <= 5.10.*; unaffected 5.15.190 - <= 5.15.*; +6 more versions |