CVE-2025-38405

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-38405
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38405.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38405
Downstream
Related
Published
2025-07-25T13:12:07.926Z
Modified
2026-03-12T02:14:55.269830Z
Summary
nvmet: fix memory leak of bio integrity
Details

In the Linux kernel, the following vulnerability has been resolved:

nvmet: fix memory leak of bio integrity

If nvmet receives commands with metadata there is a continuous memory leak of kmalloc-128 slab or more precisely bio->bi_integrity.

Since commit bf4c89fc8797 ("block: don't call biouninit from bioendio") each user of bioinit has to use biouninit as well. Otherwise the bio integrity is not getting free. Nvmet uses bio_init for inline bios.

Uninit the inline bio to complete deallocation of integrity in bio.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38405.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
bf4c89fc8797f5c0964a0c3d561fbe7e8483b62f
Fixed
431e58d56fcb5ff1f9eb630724a922e0d2a941df
Fixed
2e2028fcf924d1c6df017033c8d6e28b735a0508
Fixed
190f4c2c863af7cc5bb354b70e0805f06419c038
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
64149da0fddbbfe43e11c0348d8c8b4171dae3a2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38405.json"