Memory Leak Vulnerability in Linux Kernel Affecting nvmet
CVE-2025-38405

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
25 July 2025

What is CVE-2025-38405?

A memory leak vulnerability has been identified in the nvmet component of the Linux kernel, which occurs when commands containing metadata are processed. This issue arises from the improper handling of bio integrity, resulting in a continuous memory allocation without proper deallocation. Specifically, the lax usage of bio_init in nvmet leads to bio integrity not being freed, causing a significant memory leak. To mitigate this, the inline bios should be properly uninitialized to ensure thorough memory cleanup and prevent resource exhaustion.

Affected Version(s)

Linux bf4c89fc8797f5c0964a0c3d561fbe7e8483b62f < 431e58d56fcb5ff1f9eb630724a922e0d2a941df

Linux bf4c89fc8797f5c0964a0c3d561fbe7e8483b62f < 2e2028fcf924d1c6df017033c8d6e28b735a0508

Linux bf4c89fc8797f5c0964a0c3d561fbe7e8483b62f < 190f4c2c863af7cc5bb354b70e0805f06419c038

References

https://git.kernel.org/stable/c/431e58d56fcb5ff1f9eb63072...
https://git.kernel.org/stable/c/2e2028fcf924d1c6df017033c...
https://git.kernel.org/stable/c/190f4c2c863af7cc5bb354b70...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-38405 : Memory Leak Vulnerability in Linux Kernel Affecting nvmet