CVE-2025-68172
- Source
- https://cve.org/CVERecord?id=CVE-2025-68172
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68172.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-68172
- Downstream
- Related
- Published
- 2025-12-16T13:42:52.141Z
- Modified
- 2026-03-28T17:44:34.557788192Z
- Summary
- crypto: aspeed - fix double free caused by devm
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
crypto: aspeed - fix double free caused by devm
The clock obtained via devmclkgetenabled() is automatically managed by devres and will be disabled and freed on driver detach. Manually calling clkdisable_unprepare() in error path and remove function causes double free.
Remove the manual clock cleanup in both aspeedacryprobe()'s error path and aspeedacryremove().
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68172.json" }- References
-
- https://git.kernel.org/stable/c/0dd6474ced33489076e6c0f3fe5077bf12e85b28
- https://git.kernel.org/stable/c/29d0504077044a7e1ffbd09a6118018d5954a6e5
- https://git.kernel.org/stable/c/3c9bf72cc1ced1297b235f9422d62b613a3fdae9
- https://git.kernel.org/stable/c/e8407dfd267018f4647ffb061a9bd4a6d7ebacc6
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68172.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-68172
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced2f1cf4e50c956f882c9fc209c7cded832b67b8a3Fixed0dd6474ced33489076e6c0f3fe5077bf12e85b28Fixed29d0504077044a7e1ffbd09a6118018d5954a6e5Fixede8407dfd267018f4647ffb061a9bd4a6d7ebacc6Fixed3c9bf72cc1ced1297b235f9422d62b613a3fdae9