CVE-2025-38419
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38419
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38419.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38419
- Downstream
- Related
- Published
- 2025-07-25T14:05:43.741Z
- Modified
- 2025-11-28T02:34:53.684038Z
- Summary
- remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
remoteproc: core: Cleanup acquired resources when rprochandleresources() fails in rproc_attach()
When rproc->state = RPROCDETACHED and rprocattach() is used to attach to the remote processor, if rprochandleresources() returns a failure, the resources allocated by imxrprocprepare() should be released, otherwise the following memory leak will occur.
Since almost the same thing is done in imxrprocprepare() and rprocresourcecleanup(), Function rprocresourcecleanup() is able to deal with empty lists so it is better to fix the "goto" statements in rprocattach(). replace the "unpreparedevice" goto statement with "cleanupresources" and get rid of the "unprepare_device" label.
unreferenced object 0xffff0000861c5d00 (size 128): comm "kworker/u12:3", pid 59, jiffies 4294893509 (age 149.220s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 02 88 00 00 00 00 00 00 10 00 00 00 00 00 ............ backtrace: [<00000000f949fe18>] slabpostallochook+0x98/0x37c [<00000000adbfb3e7>] _kmemcacheallocnode+0x138/0x2e0 [<00000000521c0345>] kmalloctrace+0x40/0x158 [<000000004e330a49>] rprocmementryinit+0x60/0xf8 [<000000002815755e>] imxrprocprepare+0xe0/0x180 [<0000000003f61b4e>] rprocboot+0x2ec/0x528 [<00000000e7e994ac>] rprocadd+0x124/0x17c [<0000000048594076>] imxrprocprobe+0x4ec/0x5d4 [<00000000efc298a1>] platformprobe+0x68/0xd8 [<00000000110be6fe>] reallyprobe+0x110/0x27c [<00000000e245c0ae>] _driverprobedevice+0x78/0x12c [<00000000f61f6f5e>] driverprobedevice+0x3c/0x118 [<00000000a7874938>] _deviceattachdriver+0xb8/0xf8 [<0000000065319e69>] busforeachdrv+0x84/0xe4 [<00000000db3eb243>] _deviceattach+0xfc/0x18c [<0000000072e4e1a4>] deviceinitialprobe+0x14/0x20
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38419.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/5434d9f2fd68722b514c14b417b53a8af02c4d24
- https://git.kernel.org/stable/c/7692c9fbedd9087dc9050903f58095915458d9b1
- https://git.kernel.org/stable/c/82208ce9505abb057afdece7c62a14687c52c9ca
- https://git.kernel.org/stable/c/92776ca0ccfe78b9bfe847af206bad641fb11121
- https://git.kernel.org/stable/c/9515d74c9d1ae7308a02e8bd4f894eb8137cf8df
- https://git.kernel.org/stable/c/c56d6ef2711ee51b54f160ad0f25a381561f0287
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38419.json
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-38419
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced10a3d4079eaea06472f1981152e2840e7232ffa9Fixedc56d6ef2711ee51b54f160ad0f25a381561f0287Fixed82208ce9505abb057afdece7c62a14687c52c9caFixed9515d74c9d1ae7308a02e8bd4f894eb8137cf8dfFixed92776ca0ccfe78b9bfe847af206bad641fb11121Fixed5434d9f2fd68722b514c14b417b53a8af02c4d24Fixed7692c9fbedd9087dc9050903f58095915458d9b1