Upstream information
Description
In the Linux kernel, the following vulnerability has been resolved:dmaengine: idxd: Fix double free in idxd_setup_wqs()
The clean up in idxd_setup_wqs() has had a couple bugs because the error
handling is a bit subtle. It's simpler to just re-write it in a cleaner
way. The issues here are:
1) If "idxd->max_wqs" is <= 0 then we call put_device(conf_dev) when
"conf_dev" hasn't been initialized.
2) If kzalloc_node() fails then again "conf_dev" is invalid. It's
either uninitialized or it points to the "conf_dev" from the
previous iteration so it leads to a double free.
It's better to free partial loop iterations within the loop and then
the unwinding at the end can handle whole loop iterations. I also
renamed the labels to describe what the goto does and not where the goto
was located.
SUSE information
Overall state of this security issue: Does not affect SUSE products
SUSE Bugzilla entry: 1250402 [NEW] No SUSE Security Announcements cross referenced.SUSE Timeline for this CVE
CVE page created: Tue Sep 23 14:46:23 2025CVE page last modified: Tue Sep 23 14:46:23 2025