CVE-2025-68172 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: crypto: aspeed - fix double free caused by devm The clock obtained via devm_clk_get_enabled() is automatically managed by devres and will be disabled and freed on driver detach. Manually calling clk_disable_unprepare() in error path and remove function causes double free. Remove the manual clock cleanup in both aspeed_acry_probe()'s error path and aspeed_acry_remove().

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0dd6474ced33489076e6c0f3fe5077bf12e85b28
https://git.kernel.org/stable/c/29d0504077044a7e1ffbd09a6118018d5954a6e5
https://git.kernel.org/stable/c/3c9bf72cc1ced1297b235f9422d62b613a3fdae9
https://git.kernel.org/stable/c/e8407dfd267018f4647ffb061a9bd4a6d7ebacc6

History

Tue, 16 Dec 2025 14:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: crypto: aspeed - fix double free caused by devm The clock obtained via devm_clk_get_enabled() is automatically managed by devres and will be disabled and freed on driver detach. Manually calling clk_disable_unprepare() in error path and remove function causes double free. Remove the manual clock cleanup in both aspeed_acry_probe()'s error path and aspeed_acry_remove().
Title		crypto: aspeed - fix double free caused by devm
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0dd6474ced33489076e6c0f3fe5077bf12e85b28 https://git.kernel.org/stable/c/29d0504077044a7e1ffbd09a6118018d5954a6e5 https://git.kernel.org/stable/c/3c9bf72cc1ced1297b235f9422d62b613a3fdae9 https://git.kernel.org/stable/c/e8407dfd267018f4647ffb061a9bd4a6d7ebacc6

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-16T13:42:52.141Z

Updated: 2025-12-16T13:42:52.141Z

Reserved: 2025-12-16T13:41:40.251Z

Link: CVE-2025-68172

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-16T14:15:49.097

Modified: 2025-12-16T14:15:49.097

Link: CVE-2025-68172

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-68172", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-16T13:41:40.251Z", "datePublished": "2025-12-16T13:42:52.141Z", "dateUpdated": "2025-12-16T13:42:52.141Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-16T13:42:52.141Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: aspeed - fix double free caused by devm\n\nThe clock obtained via devm_clk_get_enabled() is automatically managed\nby devres and will be disabled and freed on driver detach. Manually\ncalling clk_disable_unprepare() in error path and remove function\ncauses double free.\n\nRemove the manual clock cleanup in both aspeed_acry_probe()'s error\npath and aspeed_acry_remove()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/crypto/aspeed/aspeed-acry.c"], "versions": [{"version": "2f1cf4e50c956f882c9fc209c7cded832b67b8a3", "lessThan": "0dd6474ced33489076e6c0f3fe5077bf12e85b28", "status": "affected", "versionType": "git"}, {"version": "2f1cf4e50c956f882c9fc209c7cded832b67b8a3", "lessThan": "29d0504077044a7e1ffbd09a6118018d5954a6e5", "status": "affected", "versionType": "git"}, {"version": "2f1cf4e50c956f882c9fc209c7cded832b67b8a3", "lessThan": "e8407dfd267018f4647ffb061a9bd4a6d7ebacc6", "status": "affected", "versionType": "git"}, {"version": "2f1cf4e50c956f882c9fc209c7cded832b67b8a3", "lessThan": "3c9bf72cc1ced1297b235f9422d62b613a3fdae9", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/crypto/aspeed/aspeed-acry.c"], "versions": [{"version": "6.3", "status": "affected"}, {"version": "0", "lessThan": "6.3", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.117", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.58", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17.8", "lessThanOrEqual": "6.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.3", "versionEndExcluding": "6.6.117"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.3", "versionEndExcluding": "6.12.58"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.3", "versionEndExcluding": "6.17.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.3", "versionEndExcluding": "6.18"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/0dd6474ced33489076e6c0f3fe5077bf12e85b28"}, {"url": "https://git.kernel.org/stable/c/29d0504077044a7e1ffbd09a6118018d5954a6e5"}, {"url": "https://git.kernel.org/stable/c/e8407dfd267018f4647ffb061a9bd4a6d7ebacc6"}, {"url": "https://git.kernel.org/stable/c/3c9bf72cc1ced1297b235f9422d62b613a3fdae9"}], "title": "crypto: aspeed - fix double free caused by devm", "x_generator": {"engine": "bippy-1.2.0"}}}}