CVE-2025-68754

05.01.2026, 10:15

In the Linux kernel, the following vulnerability has been resolved:

rtc: amlogic-a4: fix double free caused by devm

The clock obtained via devm_clk_get_enabled() is automatically managed
by devres and will be disabled and freed on driver detach. Manually
calling clk_disable_unprepare() in error path and remove function
causes double free.

Remove the redundant clk_disable_unprepare() calls from the probe
error path and aml_rtc_remove(), allowing the devm framework to
automatically manage the clock lifecycle.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 3%

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 not-affected
trixie	6.12.57-1 not-affected
bookworm	6.1.148-1 not-affected
bullseye (security)	5.10.247-1 fixed
bookworm (security)	6.1.158-1 fixed
trixie (security)	6.12.48-1 fixed
forky	6.17.13-1 fixed
sid	6.18.3-1 fixed

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service
Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder um nicht spezifizierte Auswirkungen zu erzielen.
Published: 2026-01-04T23:00:00+00:00

References

https://git.kernel.org/stable/c/2e1c79299036614ac32b251d145fad5391f4bcab

https://git.kernel.org/stable/c/384150d7a5b60c1086790a8ee07b0629f906cca2

https://git.kernel.org/stable/c/9fed02c16488050cd4e33e045506336b216d7301