Memory Leak Vulnerability in Linux Kernel Affecting Spinand ECC Engine Configuration
CVE-2025-38384

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 July 2025

What is CVE-2025-38384?

A memory leak vulnerability in the Linux Kernel affects the ECC engine configuration during the cleanup process of Spinand. Specifically, memory allocated for the ECC engine configuration is not properly released, leading to potential resource exhaustion. This flaw can be observed through kmemleak traces indicating unreferenced memory objects. The issue arises when the spinand_cleanup() function fails to call nanddev_ecc_engine_cleanup(), resulting in the persistent memory allocation. Properly addressing this leak is crucial to maintain the stability and efficiency of systems relying on the Linux Kernel.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 68d3417305ee100dcad90fd6e5846b22497aa394

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

References

https://git.kernel.org/stable/c/68d3417305ee100dcad90fd6e...

https://git.kernel.org/stable/c/f99408670407abb6493780e38...

https://git.kernel.org/stable/c/d5c1e3f32902ab518519d0551...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Apr 16, 2025