Updated: 2025-11-19 04:15:06.832478
Description:
In the Linux kernel, the following vulnerability has been resolved:

firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails

When scpi probe fails, at any point, we need to ensure that the scpi_info is not set and will remain NULL until the probe succeeds. If it is not taken care of, then it could result in a use-after-free, as the value is exported via get_scpi_ops() and could refer to memory allocated via devm_kzalloc() but freed when the probe fails.
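
The failure mode described above, reduced to a user-space C model. This is an added example, not the kernel's arm_scpi code: all function and variable names are hypothetical, and a static object with a liveness flag stands in for the devm_kzalloc() allocation that is released when probe fails.

```c
#include <stddef.h>

/* User-space model; every name here is hypothetical, not kernel code. */
struct drv_info { int version; };

static struct drv_info pool;            /* backing store for the one allocation */
static int pool_live;                   /* 1 while the allocation is valid */
static struct drv_info *published_info; /* what get_ops() hands to other drivers */

/* Stand-ins for devm_kzalloc() and the automatic free on probe failure. */
static struct drv_info *managed_alloc(void) { pool_live = 1; return &pool; }
static void managed_release(void) { pool_live = 0; }

struct drv_info *get_ops(void) { return published_info; }
int ops_dangling(void) { return published_info != NULL && !pool_live; }
void reset_model(void) { published_info = NULL; pool_live = 0; }

/* Before: publish first, so any later failure leaves a stale pointer behind. */
int probe_unsafe(int later_step_fails)
{
    published_info = managed_alloc();
    if (later_step_fails) {
        managed_release();   /* memory is gone ... */
        return -1;           /* ... but published_info still points at it */
    }
    return 0;
}

/* After: keep a local pointer and publish only as the last step of success. */
int probe_safe(int later_step_fails)
{
    struct drv_info *info = managed_alloc();
    if (later_step_fails) {
        managed_release();
        return -1;           /* published_info was never set, stays NULL */
    }
    published_info = info;
    return 0;
}
```
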
Links: NIST, CIRCL, RHEL, Ubuntu

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0.0 |
| CVSS Version 3.x | HIGH | 7.8 |

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 7.8 | HIGH | Released | CLSA-2026:1767864313 | 2026-01-08 09:51:58 | |
| CentOS 8.4 ELS | kernel | 4.18.0 | 7.8 | HIGH | Released | CLSA-2025:1763731262 | 2025-11-21 21:49:08 | |
| CentOS 8.5 ELS | kernel | 4.18.0 | 7.8 | HIGH | Released | CLSA-2025:1763734783 | 2025-11-21 21:49:09 | |
| CentOS Stream 8 ELS | kernel | 4.18.0 | 7.8 | HIGH | Not Vulnerable | | 2025-10-19 00:57:50 | |
| TuxCare 9.6 ESU | kernel | 5.14.0 | 7.8 | HIGH | Already Fixed | | 2025-12-11 05:30:30 | |
| Ubuntu 16.04 ELS | linux-hwe | 4.15.0 | 7.8 | HIGH | Needs Triage | | 2025-11-19 08:40:13 | |
| Ubuntu 16.04 ELS | linux | 4.4.0 | 7.8 | HIGH | Not Vulnerable | | 2025-12-27 14:23:17 | |