CVE-2025-38699 in Linuxinfo

Summary

by MITRE • 09/04/2025

In the Linux kernel, the following vulnerability has been resolved:

scsi: bfa: Double-free fix

When the bfad_im_probe() function fails during initialization, the memory pointed to by bfad->im is freed without setting bfad->im to NULL.

Subsequently, during driver uninstallation, when the state machine enters the bfad_sm_stopping state and calls the bfad_im_probe_undo() function, it attempts to free the memory pointed to by bfad->im again, thereby triggering a double-free vulnerability.

Set bfad->im to NULL if probing fails.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 02/10/2026

The vulnerability identified as CVE-2025-38699 represents a critical double-free error within the Linux kernel's SCSI driver subsystem, specifically affecting the bfa (Brocade Fabric Adapter) driver implementation. This flaw resides in the device initialization and cleanup procedures where improper memory management leads to potentially exploitable conditions. The issue manifests when the bfad_im_probe() function encounters a failure during the probe phase of driver initialization, creating a scenario where allocated memory remains referenced but not properly nullified. The underlying technical flaw stems from the absence of proper nullification of the bfad->im pointer following a failed probe operation, which directly violates fundamental memory safety principles and creates opportunities for memory corruption.

The operational impact of this vulnerability extends beyond simple memory corruption to potentially enable arbitrary code execution or system instability. When the driver enters the bfad_sm_stopping state during uninstallation, the bfad_im_probe_undo() function attempts to free memory that has already been freed during the initial failure scenario, resulting in the double-free condition. This type of vulnerability falls under CWE-415: Double Free, which is classified as a severe memory safety issue that can be exploited by attackers to manipulate heap memory layouts. The attack surface is particularly concerning as it involves the kernel's device driver framework where successful exploitation could lead to privilege escalation or denial of service conditions.

The mitigation strategy for CVE-2025-38699 requires implementing proper nullification of the bfad->im pointer following failed probe operations, ensuring that subsequent cleanup functions cannot attempt to free already-released memory blocks. This fix aligns with established best practices for kernel memory management and addresses the root cause by preventing the reuse of freed memory references. Security practitioners should prioritize patching this vulnerability as it represents a direct threat to system stability and security, particularly in environments where the affected bfa SCSI drivers are actively deployed. The remediation approach directly addresses the ATT&CK technique T1068: Exploitation for Privilege Escalation by preventing potential heap-based exploitation vectors that could arise from improper memory deallocation patterns in kernel space.

Responsible

Linux

Reservation

04/16/2025

Disclosure

09/04/2025

Moderation

accepted

CPE

ready

EPSS

0.00167

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!