CVE-2025-38313
📋 TL;DR
This CVE describes a double-free memory corruption vulnerability in the Linux kernel's fsl-mc bus driver. When a specific error condition occurs during device allocation, the kernel attempts to free the same memory region twice, potentially leading to system instability or privilege escalation. This affects systems using Freescale/NXP Management Complex (MC) bus functionality in the Linux kernel.
💻 Affected Systems
- Linux kernel with fsl-mc bus driver support
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to denial of service, or potential privilege escalation to kernel mode allowing complete system compromise.
Likely Case
System crash or kernel panic causing denial of service, requiring system reboot.
If Mitigated
No impact if the vulnerable code path is not triggered during normal operation.
🎯 Exploit Status
Exploitation requires triggering specific error conditions in the fsl-mc driver allocation path. This is a local vulnerability requiring kernel access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing fixes from the provided git commits
Vendor Advisory: https://git.kernel.org/stable/c/12e4431e5078847791936820bd39df9e1ee26d2e
Restart Required: Yes
Instructions:
1. Update to a patched kernel version from your distribution.
2. Reboot the system to load the new kernel.
3. Verify the fix is applied by checking kernel version.
🔧 Temporary Workarounds
Disable fsl-mc module
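Prevent loading of the vulnerable driver if not required. This only applies when the driver is built as a loadable module; a driver compiled into the kernel cannot be blacklisted or removed with rmmod.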
echo 'blacklist fsl_mc_dprc' >> /etc/modprobe.d/blacklist-fsl-mc.conf
rmmod fsl_mc_dprc
🧯 If You Can't Patch
- Restrict local user access to systems using fsl-mc functionality
- Implement strict process isolation and limit kernel module loading capabilities
🔍 How to Verify
Check if Vulnerable:
Check if fsl_mc_dprc module is loaded: lsmod | grep fsl_mc_dprc
Check Version:
uname -r
Verify Fix Applied:
Check kernel version against patched versions from your distribution
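The lsmod check above only sees loadable modules, so a driver compiled into the kernel would be missed. The following added example (not part of the original advisory) also looks for the registered bus in sysfs and for the build option in the kernel config. It assumes the bus directory is /sys/bus/fsl-mc, the Kconfig symbol is CONFIG_FSL_MC_BUS, and the distribution ships /boot/config-<release>; the root and rel parameters are hypothetical and exist only so the function can be run against a constructed tree.

```shell
#!/bin/sh
# Added example: report how the fsl-mc driver is present on a host.
# $1 (root) and $2 (rel) are hypothetical parameters for testing against a
# constructed directory tree; with no arguments the live host is inspected.
fsl_mc_exposure() {
    root="${1:-}"
    rel="${2:-$(uname -r)}"

    # Module name taken from the advisory's own lsmod check.
    if grep -q '^fsl_mc_dprc ' "$root/proc/modules" 2>/dev/null; then
        echo "module-loaded"
    # A registered bus has a sysfs directory even when the driver is built
    # in and therefore invisible to lsmod (assumed path: /sys/bus/fsl-mc).
    elif [ -d "$root/sys/bus/fsl-mc" ]; then
        echo "bus-registered"
    # Driver compiled for this kernel but not active right now
    # (assumed config location: /boot/config-<release>).
    elif grep -Eq '^CONFIG_FSL_MC_BUS=[ym]' "$root/boot/config-$rel" 2>/dev/null; then
        echo "configured-inactive"
    else
        echo "absent"
    fi
}

fsl_mc_exposure
```

Any result other than "absent" means the running kernel carries the driver, so the patched-version check still applies to that host.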
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- Double-free detection in kernel logs
- System crash/reboot events
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
source="kernel" AND ("double free" OR "kernel panic" OR "BUG: ")
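The same indicators applied to raw kernel log text, as an added example that is not part of the original advisory. It goes slightly beyond the query above: KASAN writes the condition as "double-free" and SLUB debugging reports "Object already free", so both spellings are matched, and each hit is marked as fsl-mc related or not. The sample log lines are constructed, and the symbol name in them is hypothetical.

```shell
#!/bin/sh
# Added example: triage kernel log lines for the advisory's indicators.

# Constructed sample input (not real log output; symbol name is hypothetical).
sample_klog() {
cat <<'EOF'
[   12.345678] BUG: KASAN: double-free in fsl_mc_example_fn+0x1a0/0x5c0
[   12.345702] BUG kmalloc-512 (Not tainted): Object already free
[   20.000001] Kernel panic - not syncing: Fatal exception
[   30.000000] BUG: scheduling while atomic: kworker/0:1/42/0x00000002
[   31.000000] fsl_mc_bus 80c000000.fsl-mc: DPRC device found
EOF
}

# Reads log lines on stdin and prints "tag<TAB>relation<TAB>line" for hits.
classify_klog() {
    awk '
    {
        l = tolower($0); tag = ""
        # KASAN "double-free", literal "double free", SLUB "Object already free"
        if (l ~ /double[- ]free/ || l ~ /object already free/) tag = "double-free"
        else if (l ~ /kernel panic/) tag = "panic"
        else if ($0 ~ /BUG: /)       tag = "bug"
        if (tag == "") next
        # Mark hits that mention the driver so they can be reviewed first.
        rel = (l ~ /fsl[-_]mc/) ? "fsl-mc" : "other"
        print tag "\t" rel "\t" $0
    }'
}

# Counts classified lines carrying the tag given as $1.
count_tag() {
    classify_klog | awk -F'\t' -v t="$1" '$1 == t { n++ } END { print n + 0 }'
}

sample_klog | classify_klog
```

On a live host the input can come from dmesg or journalctl -k instead of the constructed sample.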
🔗 References
- https://git.kernel.org/stable/c/12e4431e5078847791936820bd39df9e1ee26d2e
- https://git.kernel.org/stable/c/1d5baab39e5b09a76870b345cdee7933871b881f
- https://git.kernel.org/stable/c/3135e03a92f6b5259d0a7f25f728e9e7866ede3f
- https://git.kernel.org/stable/c/4b23c46eb2d88924b93aca647bde9a4b9cf62cf9
- https://git.kernel.org/stable/c/7002b954c4a8b9965ba0f139812ee4a6f71beac8
- https://git.kernel.org/stable/c/873d47114fd5e5a1cad2018843671537cc71ac84
- https://git.kernel.org/stable/c/b2057374f326303c86d8423415ab58656eebc695
- https://git.kernel.org/stable/c/d694bf8a9acdbd061596f3e7549bc8cb70750a60
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html