File Descriptor Management Flaw in Linux Kernel Affects Multiple Versions
CVE-2025-38409

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 25 July 2025

What is CVE-2025-38409?

A vulnerability has been identified in the Linux kernel's drm/msm subsystem involving improper handling of file descriptors. The issue arises when put_unused_fd() is called for a file descriptor that has already been installed via fd_install(): in that case the associated file is not freed. The flaw can lead to resource leaks, affecting system performance and stability. A patch has been released that ensures these file descriptors are handled correctly.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 00b3401f692082ddf6342500d1be25560bba46d4

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 3f6ce8433a9035b0aa810e1f5b708e9dc1c367b0

Timeline

  • Vulnerability published

  • Vulnerability Reserved
