CVE-2025-38549
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38549
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38549.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38549
- Downstream
- Published
- 2025-08-16T11:34:17.699Z
- Modified
- 2025-11-27T19:35:43.986997Z
- Summary
- efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
efivarfs: Fix memory leak of efivarfsfsinfo in fs_context error paths
When processing mount options, efivarfs allocates efivarfsfsinfo (sfi) early in fscontext initialization. However, sfi is associated with the superblock and typically freed when the superblock is destroyed. If the fscontext is released (final put) before fill_super is called—such as on error paths or during reconfiguration—the sfi structure would leak, as ownership never transfers to the superblock.
Implement the .free callback in efivarfscontextops to ensure any allocated sfi is properly freed if the fscontext is torn down before fillsuper, preventing this memory leak.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/blob/ee626f5d79d5817bb21d6f048dc0da4c4e383443/cves/2025/38xxx/CVE-2025-38549.json", "cna_assigner": "Linux" }- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced5329aa5101f73c451bcd48deaf3f296685849d9cFixed816d36973467d1c9c08a48bdffe4675e219a2e84
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced5329aa5101f73c451bcd48deaf3f296685849d9cFixede9fabe7036bb8be6071f39dc38605508f5f57b20
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced5329aa5101f73c451bcd48deaf3f296685849d9cFixed64e135f1eaba0bbb0cdee859af3328c68d5b9789