DEBIAN-CVE-2025-38405

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2025-38405

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-38405.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2025-38405

Upstream

CVE-2025-38405

Published

2025-07-25T14:15:32Z

Modified

2025-09-19T06:10:40Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: nvmet: fix memory leak of bio integrity If nvmet receives commands with metadata there is a continuous memory leak of kmalloc-128 slab or more precisely bio->biintegrity. Since commit bf4c89fc8797 ("block: don't call biouninit from bioendio") each user of bioinit has to use biouninit as well. Otherwise the bio integrity is not getting free. Nvmet uses bioinit for inline bios. Uninit the inline bio to complete deallocation of integrity in bio.

References

https://security-tracker.debian.org/tracker/CVE-2025-38405

Affected packages

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.12.37-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.12.37-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}