CVE-2025-38069

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 18/06/2025
Last modified: 18/06/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

PCI: endpoint: pci-epf-test: Fix double free that causes kernel to oops

Fix a kernel oops found while testing the stm32_pcie Endpoint driver with handling of PERST# deassertion:

During EP initialization, pci_epf_test_alloc_space() allocates all BARs, which are further freed if epc_set_bar() fails (for instance, due to no free inbound window).

However, when pci_epc_set_bar() fails, the error path:

  pci_epc_set_bar() ->
  pci_epf_free_space()

does not clear the previous assignment to epf_test->reg[bar].

Then, if the host reboots, the PERST# deassertion restarts the BAR allocation sequence with the same allocation failure (no free inbound window), creating a double free situation since epf_test->reg[bar] was deallocated and is still non-NULL.

Thus, make sure that pci_epf_alloc_space() and pci_epf_free_space() invocations are symmetric, and as such, set epf_test->reg[bar] to NULL when memory is freed.

[kwilczynski: commit log]
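
Added example (not the kernel's code and not part of the advisory): a user-space C model of the sequence in the description, comparing an error path that leaves the freed reg[bar] pointer in place with one that clears it. The model_* names, NUM_BARS, FAILING_BAR and the rule that the set-BAR pass skips NULL slots are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#define NUM_BARS 6
#define FAILING_BAR 2 /* constructed: the BAR that finds no free inbound window */

/* Buffers come from a static pool so a repeated free is counted, not executed. */
struct model_buf { int freed; };
struct model_epf_test { struct model_buf *reg[NUM_BARS]; };
static struct model_buf pool[NUM_BARS];
static int double_frees;

static void model_free_space(struct model_buf *b)
{
    if (b->freed)
        double_frees++; /* second release of the same buffer */
    b->freed = 1;
}

/* One set-BAR pass, run once per PERST# deassertion (assumed to skip NULL slots). */
static void model_set_bar_pass(struct model_epf_test *t, int clear_on_free)
{
    for (int bar = 0; bar < NUM_BARS; bar++) {
        if (!t->reg[bar] || bar != FAILING_BAR)
            continue; /* nothing allocated, or set-BAR succeeded */
        model_free_space(t->reg[bar]); /* error path */
        if (clear_on_free)
            t->reg[bar] = NULL; /* the fix: free and clear together */
    }
}

/* Returns how many double frees occur over `passes` PERST# deassertions. */
int run_model(int passes, int clear_on_free)
{
    struct model_epf_test t;
    double_frees = 0;
    for (int bar = 0; bar < NUM_BARS; bar++) { /* allocate all BARs once */
        pool[bar].freed = 0;
        t.reg[bar] = &pool[bar];
    }
    for (int i = 0; i < passes; i++)
        model_set_bar_pass(&t, clear_on_free);
    return double_frees;
}

int main(void)
{
    printf("stale: %d, cleared: %d\n", run_model(2, 0), run_model(2, 1));
    return 0;
}
```

The first pass never double frees in either variant; the stale pointer only matters once the sequence runs again, which is why the oops appears on a host reboot rather than at first initialization.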

Impact