Linux Kernel Remoteproc Double Free Vulnerability in mtk_scp

Vulnerability

A double free vulnerability has been identified in the Linux kernel's remoteproc subsystem, specifically within the mtk_scp component. 'scp->rproc' is allocated using 'devm_rproc_alloc()', so it is device-managed: it is released automatically when the device is torn down and needs no explicit free in the remove function. Freeing it there as well releases the same object twice.
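
The ownership rule described above, as an added user-space model (not kernel code and not the actual mtk_scp source). Every name in it is constructed for illustration, and it counts release calls instead of really freeing memory twice, so the bug is observable without undefined behaviour.

```c
#include <stdio.h>

/* Constructed model of a device-managed (devm) allocation.
 * None of these names are kernel APIs; they only mimic the ownership rule. */
struct obj { int frees; };            /* counts releases instead of freeing for real */

struct device_model {
    struct obj *managed[4];           /* resources the "device" releases by itself */
    int n;
};

static void obj_release(struct obj *o) { o->frees++; }

/* Like a devm_*_alloc() helper: hand out the object AND register it for auto-release. */
static struct obj *managed_alloc(struct device_model *dev, struct obj *storage)
{
    storage->frees = 0;
    dev->managed[dev->n++] = storage;
    return storage;
}

/* Runs after the driver's remove callback, like devres teardown on unbind. */
static void device_teardown(struct device_model *dev)
{
    while (dev->n > 0)
        obj_release(dev->managed[--dev->n]);
}

/* Buggy remove: explicitly frees an object the device already owns. */
static void remove_buggy(struct obj *o) { obj_release(o); }
/* Fixed remove: leaves the release to device teardown. */
static void remove_fixed(struct obj *o) { (void)o; }

/* Simulates one driver unbind and returns how often the object was released. */
static int unbind(void (*remove_cb)(struct obj *))
{
    struct device_model dev = { .n = 0 };
    struct obj storage;
    struct obj *o = managed_alloc(&dev, &storage);

    remove_cb(o);             /* driver's remove function */
    device_teardown(&dev);    /* managed resources released afterwards */
    return storage.frees;
}

int main(void)
{
    printf("buggy remove: released %d time(s)\n", unbind(remove_buggy));
    printf("fixed remove: released %d time(s)\n", unbind(remove_fixed));
    return 0;
}
```

A release count above one per unbind is the double free; when reviewing a driver, any explicit free in a remove or error path of an object obtained from a managed allocator deserves the same check.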

Impact

Exploitation of this vulnerability could lead to memory corruption, as is common with double free vulnerabilities, which can in turn be exploited to execute arbitrary code or cause a denial-of-service condition.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.