CVE-2025-68172 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

crypto: aspeed - fix double free caused by devm

The clock obtained via devm_clk_get_enabled() is automatically managed
by devres and will be disabled and freed on driver detach. Manually
calling clk_disable_unprepare() in error path and remove function
causes double free.

Remove the manual clock cleanup in both aspeed_acry_probe()'s error
path and aspeed_acry_remove().

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/0dd6474ced33489076e6c0f3fe5077bf12e85b28
https://git.kernel.org/stable/c/29d0504077044a7e1ffbd09a6118018d5954a6e5
https://git.kernel.org/stable/c/3c9bf72cc1ced1297b235f9422d62b613a3fdae9
https://git.kernel.org/stable/c/e8407dfd267018f4647ffb061a9bd4a6d7ebacc6

History

Tue, 16 Dec 2025 14:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: crypto: aspeed - fix double free caused by devm The clock obtained via devm_clk_get_enabled() is automatically managed by devres and will be disabled and freed on driver detach. Manually calling clk_disable_unprepare() in error path and remove function causes double free. Remove the manual clock cleanup in both aspeed_acry_probe()'s error path and aspeed_acry_remove().
Title		crypto: aspeed - fix double free caused by devm
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0dd6474ced33489076e6c0f3fe5077bf12e85b28 https://git.kernel.org/stable/c/29d0504077044a7e1ffbd09a6118018d5954a6e5 https://git.kernel.org/stable/c/3c9bf72cc1ced1297b235f9422d62b613a3fdae9 https://git.kernel.org/stable/c/e8407dfd267018f4647ffb061a9bd4a6d7ebacc6

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-16T13:42:52.141Z

Updated: 2025-12-16T13:42:52.141Z

Reserved: 2025-12-16T13:41:40.251Z

Link: CVE-2025-68172

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-16T14:15:49.097

Modified: 2025-12-16T14:15:49.097

Link: CVE-2025-68172

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Metrics

Affected Vendors & Products

Projects

Metrics

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object