CVE-2025-38384

Source
https://cve.org/CVERecord?id=CVE-2025-38384
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38384.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38384
Published
2025-07-25T12:53:25.396Z
Modified
2026-05-15T11:53:11.191081625Z
Summary
mtd: spinand: fix memory leak of ECC engine conf
Details

In the Linux kernel, the following vulnerability has been resolved:

mtd: spinand: fix memory leak of ECC engine conf

Memory allocated for the ECC engine conf is not released during spinand cleanup. The following kmemleak trace is seen for this memory leak:

    unreferenced object 0xffffff80064f00e0 (size 8):
      comm "swapper/0", pid 1, jiffies 4294937458
      hex dump (first 8 bytes):
        00 00 00 00 00 00 00 00  ........
      backtrace (crc 0):
        kmemleak_alloc+0x30/0x40
        __kmalloc_cache_noprof+0x208/0x3c0
        spinand_ondie_ecc_init_ctx+0x114/0x200
        nand_ecc_init_ctx+0x70/0xa8
        nanddev_ecc_engine_init+0xec/0x27c
        spinand_probe+0xa2c/0x1620
        spi_mem_probe+0x130/0x21c
        spi_probe+0xf0/0x170
        really_probe+0x17c/0x6e8
        __driver_probe_device+0x17c/0x21c
        driver_probe_device+0x58/0x180
        __device_attach_driver+0x15c/0x1f8
        bus_for_each_drv+0xec/0x150
        __device_attach+0x188/0x24c
        device_initial_probe+0x10/0x20
        bus_probe_device+0x11c/0x160

Fix the leak by calling nanddev_ecc_engine_cleanup() inside spinand_cleanup().

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38384.json",
    "cna_assigner": "Linux"
}
Affected packages

Linux / Kernel

Package

Name
Kernel

Affected ranges

    Type       Introduced  Fixed
    ECOSYSTEM  5.11.0      5.15.187
    ECOSYSTEM  5.16.0      6.1.144
    ECOSYSTEM  6.2.0       6.6.97
    ECOSYSTEM  6.7.0       6.12.37
    ECOSYSTEM  6.13.0      6.15.6

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38384.json"