{"id":"AZL-73644","summary":"CVE-2025-38699 affecting package kernel for versions less than 5.15.200.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bfa: Double-free fix\n\nWhen the bfad_im_probe() function fails during initialization, the memory\npointed to by bfad-\u003eim is freed without setting bfad-\u003eim to NULL.\n\nSubsequently, during driver uninstallation, when the state machine enters\nthe bfad_sm_stopping state and calls the bfad_im_probe_undo() function,\nit attempts to free the memory pointed to by bfad-\u003eim again, thereby\ntriggering a double-free vulnerability.\n\nSet bfad-\u003eim to NULL if probing fails.","modified":"2026-04-01T05:22:19.549839Z","published":"2025-09-04T16:15:38Z","upstream":["CVE-2025-38699"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38699"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.200.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73644.json"}}],"schema_version":"1.7.5"}