CVE-2025-40253
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
04/12/2025
Last modified:
04/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
s390/ctcm: Fix double-kfree<br />
<br />
The function &#39;mpc_rcvd_sweep_req(mpcginfo)&#39; is called conditionally<br />
from function &#39;ctcmpc_unpack_skb&#39;. It frees passed mpcginfo.<br />
After that a call to function &#39;kfree&#39; in function &#39;ctcmpc_unpack_skb&#39;<br />
frees it again.<br />
<br />
Remove &#39;kfree&#39; call in function &#39;mpc_rcvd_sweep_req(mpcginfo)&#39;.<br />
<br />
Bug detected by the clang static analyzer.
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/06f1dd1de0d33dbfbd2e1fc9fc57d8895f730de2
- https://git.kernel.org/stable/c/3b177b2ded563df16f6d5920671ffcfe5915d472
- https://git.kernel.org/stable/c/7ff76f8dc6b550f8d16487bf3cebc278be720b5c
- https://git.kernel.org/stable/c/b9dbfb1b5699f9f1e4991f96741bdf9047147589
- https://git.kernel.org/stable/c/da02a1824884d6c84c5e5b5ac373b0c9e3288ec2