CVE-2025-68172

medium

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: aspeed - fix double free caused by devm The clock obtained via devm_clk_get_enabled() is automatically managed by devres and will be disabled and freed on driver detach. Manually calling clk_disable_unprepare() in error path and remove function causes double free. Remove the manual clock cleanup in both aspeed_acry_probe()'s error path and aspeed_acry_remove().

References

https://git.kernel.org/stable/c/e8407dfd267018f4647ffb061a9bd4a6d7ebacc6

https://git.kernel.org/stable/c/3c9bf72cc1ced1297b235f9422d62b613a3fdae9

https://git.kernel.org/stable/c/29d0504077044a7e1ffbd09a6118018d5954a6e5

https://git.kernel.org/stable/c/0dd6474ced33489076e6c0f3fe5077bf12e85b28

Details

Source: Mitre, NVD

Published: 2025-12-16

Updated: 2025-12-18

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00018