CVE-2025-38418
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38418
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38418.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38418
- Downstream
- Related
- Published
- 2025-07-25T14:05:42.836Z
- Modified
- 2025-11-28T02:34:28.324166Z
- Summary
- remoteproc: core: Release rproc->clean_table after rproc_attach() fails
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
remoteproc: core: Release rproc->cleantable after rprocattach() fails
When rproc->state = RPROCDETACHED is attached to remote processor through rprocattach(), if rprochandleresources() returns failure, then the clean table should be released, otherwise the following memory leak will occur.
unreferenced object 0xffff000086a99800 (size 1024): comm "kworker/u12:3", pid 59, jiffies 4294893670 (age 121.140s) hex dump (first 32 bytes): 00 00 00 00 00 80 00 00 00 00 00 00 00 00 10 00 ............ 00 00 00 00 00 00 08 00 00 00 00 00 00 00 00 00 ............ backtrace: [<000000008bbe4ca8>] slabpostallochook+0x98/0x3fc [<000000003b8a272b>] _kmemcacheallocnode+0x13c/0x230 [<000000007a507c51>] _kmallocnodetrackcaller+0x5c/0x260 [<0000000037818dae>] kmemdup+0x34/0x60 [<00000000610f7f57>] rprocboot+0x35c/0x56c [<0000000065f8871a>] rprocadd+0x124/0x17c [<00000000497416ee>] imxrprocprobe+0x4ec/0x5d4 [<000000003bcaa37d>] platformprobe+0x68/0xd8 [<00000000771577f9>] reallyprobe+0x110/0x27c [<00000000531fea59>] _driverprobedevice+0x78/0x12c [<0000000080036a04>] driverprobedevice+0x3c/0x118 [<000000007e0bddcb>] _deviceattachdriver+0xb8/0xf8 [<000000000cf1fa33>] busforeachdrv+0x84/0xe4 [<000000001a53b53e>] _deviceattach+0xfc/0x18c [<00000000d1a2a32c>] deviceinitialprobe+0x14/0x20 [<00000000d8f8b7ae>] busprobedevice+0xb0/0xb4 unreferenced object 0xffff0000864c9690 (size 16):
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38418.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/3562c09feeb8d8e9d102ce6840e8c7d57a7feb5c
- https://git.kernel.org/stable/c/3ee979709e16a83b257bc9a544a7ff71fd445ea9
- https://git.kernel.org/stable/c/6fe9486d709e4a60990843832501ef6556440ca7
- https://git.kernel.org/stable/c/bcd241230fdbc6005230f80a4f8646ff5a84f15b
- https://git.kernel.org/stable/c/bf876fd9dc2d0c9fff96aef63d4346719f206fc1
- https://git.kernel.org/stable/c/f4ef928ca504c996f9222eb2c59ac6d6eefd9c75
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38418.json
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-38418
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced9dc9507f1880fb6225e3e058cb5219b152cbf198Fixed3562c09feeb8d8e9d102ce6840e8c7d57a7feb5cFixedbf876fd9dc2d0c9fff96aef63d4346719f206fc1Fixed3ee979709e16a83b257bc9a544a7ff71fd445ea9Fixedf4ef928ca504c996f9222eb2c59ac6d6eefd9c75Fixed6fe9486d709e4a60990843832501ef6556440ca7Fixedbcd241230fdbc6005230f80a4f8646ff5a84f15b