CVE-2025-39870
- Source
- https://cve.org/CVERecord?id=CVE-2025-39870
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39870.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-39870
- Downstream
- Related
- Published
- 2025-09-23T06:00:44.369Z
- Modified
- 2026-03-12T02:16:48.642185Z
- Summary
- dmaengine: idxd: Fix double free in idxd_setup_wqs()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: idxd: Fix double free in idxdsetupwqs()
The clean up in idxdsetupwqs() has had a couple bugs because the error handling is a bit subtle. It's simpler to just re-write it in a cleaner way. The issues here are:
1) If "idxd->maxwqs" is <= 0 then we call putdevice(confdev) when "confdev" hasn't been initialized. 2) If kzallocnode() fails then again "confdev" is invalid. It's either uninitialized or it points to the "conf_dev" from the previous iteration so it leads to a double free.
It's better to free partial loop iterations within the loop and then the unwinding at the end can handle whole loop iterations. I also renamed the labels to describe what the goto does and not where the goto was located.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39870.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/25e6146c2812487a88f619d5ff6efbdcd5b2bc31
- https://git.kernel.org/stable/c/39aaa337449e71a41d4813be0226a722827ba606
- https://git.kernel.org/stable/c/9f0e225635475b2285b966271d5e82cba74295b1
- https://git.kernel.org/stable/c/df82c7901513fd0fc738052a8e6a330d92cc8ec9
- https://git.kernel.org/stable/c/ec5430d090d0b6ace8fefa290fc37e88930017d2
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39870.json
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-39870
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd584acdf54f409cb7eae1359ae6c12aaabedeed8Fixed25e6146c2812487a88f619d5ff6efbdcd5b2bc31
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced47846211998a9ffb0fcc08092eb95ac783d2b11aFixeddf82c7901513fd0fc738052a8e6a330d92cc8ec9
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced5fcd392dae6d6aba7dc64ffdbb838ff191315da3Fixedec5430d090d0b6ace8fefa290fc37e88930017d2
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced3fd2f4bc010cdfbc07dd21018dc65bd9370eb7a4Fixed9f0e225635475b2285b966271d5e82cba74295b1Fixed39aaa337449e71a41d4813be0226a722827ba606
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affecteded2c66000aa64c0d2621864831f0d04c820a1441