{"uuid": "c063478d-5af5-4e38-ab47-42d129f70d88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38069", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18712", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-38069\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Fix double free that causes kernel to oops\n\nFix a kernel oops found while testing the stm32_pcie Endpoint driver\nwith handling of PERST# deassertion:\n\nDuring EP initialization, pci_epf_test_alloc_space() allocates all BARs,\nwhich are further freed if epc_set_bar() fails (for instance, due to no\nfree inbound window).\n\nHowever, when pci_epc_set_bar() fails, the error path:\n\n  pci_epc_set_bar() ->\n    pci_epf_free_space()\n\ndoes not clear the previous assignment to epf_test->reg[bar].\n\nThen, if the host reboots, the PERST# deassertion restarts the BAR\nallocation sequence with the same allocation failure (no free inbound\nwindow), creating a double free situation since epf_test->reg[bar] was\ndeallocated and is still non-NULL.\n\nThus, make sure that pci_epf_alloc_space() and pci_epf_free_space()\ninvocations are symmetric, and as such, set epf_test->reg[bar] to NULL\nwhen memory is freed.\n\n[kwilczynski: commit log]\n\ud83d\udccf Published: 2025-06-18T09:33:46.711Z\n\ud83d\udccf Modified: 2025-06-18T09:33:46.711Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/fe2329eff5bee461ebcafadb6ca1df0cbf5945fd\n2. https://git.kernel.org/stable/c/8b83893d1f6c6061a7d58169ecdf9d5ee9f306ee\n3. https://git.kernel.org/stable/c/934e9d137d937706004c325fa1474f9e3f1ba10a", "creation_timestamp": "2025-06-18T10:40:11.000000Z"}