CVE-2025-38699

In the Linux kernel, the following vulnerability has been resolved:

scsi: bfa: Double-free fix

When the bfad_im_probe() function fails during initialization, the memory pointed to by bfad->im is freed without setting bfad->im to NULL.

Subsequently, during driver uninstallation, when the state machine enters the bfad_sm_stopping state and calls the bfad_im_probe_undo() function, it attempts to free the memory pointed to by bfad->im again, thereby triggering a double-free vulnerability.

Set bfad->im to NULL if probing fails.

Published: Sep 4, 2025
Updated: Jan 8, 2026
CVE: CVE-2025-38699
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-415

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	2.6.33	5.4.297
linux / linux_kernel	5.5	5.10.241
linux / linux_kernel	5.11	5.15.190
linux / linux_kernel	5.16	6.1.149
linux / linux_kernel	6.2	6.6.103
linux / linux_kernel	6.7	6.12.43
linux / linux_kernel	6.13	6.15.11
linux / linux_kernel	6.16	6.16.2
linux / linux_kernel	2.6.32	2.6.32.x
linux / linux_kernel	2.6.32-rc4	2.6.32-rc4.x
linux / linux_kernel	2.6.32-rc5	2.6.32-rc5.x
linux / linux_kernel	2.6.32-rc6	2.6.32-rc6.x
linux / linux_kernel	2.6.32-rc7	2.6.32-rc7.x
linux / linux_kernel	2.6.32-rc8	2.6.32-rc8.x
debian / debian_linux	11.0	11.0.x

Vulnerability Database

318,756

CVE-2025-38699

Deep Security Visibility Without the Complexity