Vulnerability Database

321,593

Total vulnerabilities in the database

CVE-2025-39870

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: idxd: Fix double free in idxd_setup_wqs()

The clean up in idxd_setup_wqs() has had a couple bugs because the error handling is a bit subtle. It's simpler to just re-write it in a cleaner way. The issues here are:

  1. If "idxd->max_wqs" is <= 0 then we call put_device(conf_dev) when "conf_dev" hasn't been initialized.
  2. If kzalloc_node() fails then again "conf_dev" is invalid. It's either uninitialized or it points to the "conf_dev" from the previous iteration so it leads to a double free.

It's better to free partial loop iterations within the loop and then the unwinding at the end can handle whole loop iterations. I also renamed the labels to describe what the goto does and not where the goto was located.

  • Published: Sep 23, 2025
  • Updated: Jan 21, 2026
  • CVE: CVE-2025-39870
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.8
  • AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

Software From Fixed in
linux / linux_kernel 6.1.140 6.1.153
linux / linux_kernel 6.6.92 6.6.107
linux / linux_kernel 6.12.30 6.12.48
linux / linux_kernel 6.14.8 6.15
linux / linux_kernel 6.15.1 6.16.8
linux / linux_kernel 6.15 6.15.x
linux / linux_kernel 6.15-rc7 6.15-rc7.x
linux / linux_kernel 6.17-rc1 6.17-rc1.x
linux / linux_kernel 6.17-rc2 6.17-rc2.x
linux / linux_kernel 6.17-rc3 6.17-rc3.x
linux / linux_kernel 6.17-rc4 6.17-rc4.x
linux / linux_kernel 6.17-rc5 6.17-rc5.x
debian / debian_linux 11.0 11.0.x