Unrated severity · NVD Advisory · Published Dec 16, 2025 · Updated Apr 15, 2026

CVE-2025-68172

Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: aspeed - fix double free caused by devm

The clock obtained via devm_clk_get_enabled() is automatically managed by devres and will be disabled and freed on driver detach. Manually calling clk_disable_unprepare() in error path and remove function causes double free.

Remove the manual clock cleanup in both aspeed_acry_probe()'s error path and aspeed_acry_remove().

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Double free in Linux kernel's Aspeed crypto driver due to devm clock management; fix removes manual cleanup.

Root Cause: In the Aspeed crypto driver (aspeed_acry), the function aspeed_acry_probe() obtains a clock via devm_clk_get_enabled(), which is managed by devres and automatically freed on driver detach. However, the error path and the aspeed_acry_remove() function also call clk_disable_unprepare() manually, leading to a double free [1][2].

Attack Surface: The vulnerability exists in the kernel module. An attacker would need local access to the system to trigger the double free, possibly by causing a probe failure or unloading the module [1][2]. No special privileges are mentioned, but typical exploitation requires the ability to load/unload the driver or manipulate hardware.

Impact: A double free in the kernel can lead to memory corruption, system crash (denial of service), or potentially arbitrary code execution if an attacker can control the freed memory [1][2]. The severity is considered high.

Mitigation: The fix removes the redundant manual clock cleanup in both the probe error path and the remove function. The patches (commits e8407dfd2670 and 3c9bf72cc1ce) are included in the stable Linux kernel releases [1][2]. Users should update their kernel to a version containing these commits.
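
The cleanup ordering behind the bug, as an added userspace model (not kernel code and not the driver's source): a devres-style release list disables the clock on detach, so a manual disable issued before it leaves one disable with no matching enable. All `model_*` names and `detach_cycle` are hypothetical stand-ins for the kernel clock and devres APIs.

```c
#include <stdio.h>

/* Userspace model only: every name here is a hypothetical stand-in, not kernel API. */
struct model_clk { int enable_count; int underflows; };

struct model_dev {
    struct model_clk *managed[4];   /* devres-style list of clocks to release */
    int n_managed;
};

static void model_clk_disable(struct model_clk *c)
{
    if (c->enable_count == 0) {     /* disable with no matching enable */
        c->underflows++;
        return;
    }
    c->enable_count--;
}

/* Models devm_clk_get_enabled(): enable the clock and register automatic cleanup. */
static void model_devm_clk_get_enabled(struct model_dev *d, struct model_clk *c)
{
    c->enable_count++;
    d->managed[d->n_managed++] = c;
}

/* Models the devres release that runs on driver detach or after a failed probe. */
static void model_devres_release_all(struct model_dev *d)
{
    while (d->n_managed > 0)
        model_clk_disable(d->managed[--d->n_managed]);
}

/* Returns the number of unbalanced disables after one bind/unbind cycle. */
int detach_cycle(int manual_cleanup)
{
    struct model_clk clk = {0, 0};
    struct model_dev dev = { {0}, 0 };

    model_devm_clk_get_enabled(&dev, &clk);
    if (manual_cleanup)             /* pre-fix remove()/error path: explicit disable */
        model_clk_disable(&clk);
    model_devres_release_all(&dev); /* devres disables the same clock again */
    return clk.underflows;
}

int main(void)
{
    printf("pre-fix: %d unbalanced disable(s)\n", detach_cycle(1));
    printf("fixed:   %d unbalanced disable(s)\n", detach_cycle(0));
    return 0;
}
```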

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
