CVE-2025-68754

EUVD-2026-0896

05.01.2026, 10:15

In the Linux kernel, the following vulnerability has been resolved:

rtc: amlogic-a4: fix double free caused by devm

The clock obtained via devm_clk_get_enabled() is automatically managed
by devres and will be disabled and freed on driver detach. Manually
calling clk_disable_unprepare() in error path and remove function
causes double free.

Remove the redundant clk_disable_unprepare() calls from the probe
error path and aml_rtc_remove(), allowing the devm framework to
automatically manage the clock lifecycle.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 6%

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.159-1 not-affected
bookworm (security)	6.1.162-1 fixed
bullseye	5.10.223-1 not-affected
bullseye (security)	5.10.249-1 fixed
forky	6.18.12-1 fixed
sid	6.18.12-1 fixed
trixie	6.12.63-1 not-affected
trixie (security)	6.12.73-1 fixed

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service
Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder um nicht spezifizierte Auswirkungen zu erzielen.
Published: 2026-01-04T23:00:00+00:00

References

https://git.kernel.org/stable/c/2e1c79299036614ac32b251d145fad5391f4bcab

https://git.kernel.org/stable/c/384150d7a5b60c1086790a8ee07b0629f906cca2

https://git.kernel.org/stable/c/9fed02c16488050cd4e33e045506336b216d7301