CVE-2025-38206

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-38206
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38206.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38206
Downstream
Related
Published
2025-07-04T13:37:25.966Z
Modified
2026-05-28T03:53:54.113944729Z
Summary
exfat: fix double free in delayed_free
Details

In the Linux kernel, the following vulnerability has been resolved:

exfat: fix double free in delayed_free

The double free could happen in the following path.

exfatcreateupcasetable() exfatcreateupcasetable() : return error exfatfreeupcasetable() : free ->volutbl exfatloaddefaultupcasetable : return error exfatkillsb() delayedfree() exfatfreeupcasetable() <--------- double free This patch set ->vol_util as NULL after freeing it.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38206.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1acf1a564b6034b5af1e7fb23cb98cb3bb4f6003
Fixed
13d8de1b6568dcc31a95534ced16bc0c9a67bc15
Fixed
66e84439ec2af776ce749e8540f8fdd257774152
Fixed
d3cef0e7a5c1aa6217c51faa9ce8ecac35d6e1fd
Fixed
1f3d9724e16d62c7d42c67d6613b8512f2887c22

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38206.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.7.0
Fixed
5.10.239
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.186
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.15.4

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38206.json"