CVE-2025-38421

platform/x86/amd: pmf: Use device managed allocations

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: pmf: Use device managed allocations If setting up smart PC fails for any reason then this can lead to
a double free when unloading amd-pmf. This is because dev->buf was
freed but never set to NULL and is again freed in amd_pmf_remove(). To avoid subtle allocation bugs in failures leading to a double free
change all allocations into device managed allocations.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: platform/x86/amd: pmf: Usar asignaciones administradas por dispositivo. Si la configuración de Smart PC falla por cualquier motivo, esto puede provocar una doble liberación al descargar amd-pmf. Esto se debe a que dev->buf se liberó, pero nunca se configuró como NULL y se libera de nuevo en amd_pmf_remove(). Para evitar errores sutiles de asignación en fallos que provoquen una doble liberación, cambie todas las asignaciones a asignaciones administradas por dispositivo.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-04-16 CVE Reserved
2025-07-25 CVE Published
2025-07-28 CVE Updated
2025-07-31 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/5b1122fc4995f308b21d7cfc64ef9880ac834d20	Vuln. Introduced
https://git.kernel.org/stable/c/e70b4b8f93d7fcf8ee063a1d1f18782c4da3d335	Vuln. Introduced
https://git.kernel.org/stable/c/3ed60e51ffdbfef14169bd967e21a6ba5e5ff42b	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/0d10b532f861253c283863522d59d099fcb0796d	2025-06-27
https://git.kernel.org/stable/c/d9db3a941270d92bbd1a6a6b54a10324484f2f2d	2025-06-10

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.14 < 6.15.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.14 < 6.15.4"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.14 < 6.16 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.14 < 6.16"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.12.23 Search vendor "Linux" for product "Linux Kernel" and version "6.12.23"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.13.11 Search vendor "Linux" for product "Linux Kernel" and version "6.13.11"		en		Affected