CVE-2025-38341: In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: avoid double free when failing to DMA-m
Summary
CVE-2025-38341 is a double free vulnerability (a bug where the same memory is freed twice, which can cause crashes or security issues) in the Linux kernel's fbnic Ethernet driver. It occurs when the function fbnic_mbx_map_msg() fails to DMA-map a firmware message (that is, to make the message buffer accessible to the device). The function's design expects callers to free the message themselves on error, but some code paths may incorrectly free the message twice.
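The ownership contract described above, as a user-space C model added here; it is not code from the fbnic driver or from the kernel patches. It assumes the second free comes from the callee also releasing the message on its error path, and `struct msg`, `msg_release`, `fake_dma_map`, `map_msg_buggy`, `map_msg_fixed` and `send_msg` are hypothetical names. Releases are counted instead of performed so the double release can be observed safely.

```c
#include <stdio.h>
#include <errno.h>

/* Constructed model: a message whose releases are counted, not executed. */
struct msg { int frees; };

static void msg_release(struct msg *m) { m->frees++; }

/* Stand-in for a DMA-mapping step that can fail (hypothetical). */
static int fake_dma_map(int should_fail) { return should_fail ? -EIO : 0; }

/* Buggy callee: releases the message on error although the caller,
 * per the contract, still owns it and will release it too. */
static int map_msg_buggy(struct msg *m, int fail)
{
    if (fake_dma_map(fail)) {
        msg_release(m);
        return -EIO;
    }
    return 0;
}

/* Corrected callee: on error it only reports failure; ownership
 * stays with the caller. */
static int map_msg_fixed(struct msg *m, int fail)
{
    if (fake_dma_map(fail))
        return -EIO;
    return 0;
}

/* Caller that follows the contract: release the message if mapping failed.
 * Returns how many times the message was released on this path. */
static int send_msg(int (*map)(struct msg *, int), int fail)
{
    struct msg m = { 0 };

    if (map(&m, fail) < 0)
        msg_release(&m);
    return m.frees;
}

int main(void)
{
    printf("buggy callee, map fails: %d release(s)\n", send_msg(map_msg_buggy, 1));
    printf("fixed callee, map fails: %d release(s)\n", send_msg(map_msg_fixed, 1));
    return 0;
}
```

On the success path neither variant releases the message, because in this model ownership has passed to the consumer of the mapped buffer.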
Solution / Mitigation
The Linux kernel project has released patches to fix this vulnerability. Three patch commits are available: https://git.kernel.org/stable/c/0a211e23852019ef55c70094524e87a944accbb5, https://git.kernel.org/stable/c/5bd1bafd4474ee26f504b41aba11f3e2a1175b88, and https://git.kernel.org/stable/c/670179265ad787b9fd8e701601914618b8927755. Users should apply the appropriate kernel update containing one of these patches.
Vulnerability Details
7.8 (high)
EPSS: 0.0%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-38341
First tracked: February 15, 2026 at 08:35 PM