Memory Leak in Linux Kernel's Remote Processor Handling
CVE-2025-38418

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 July 2025

What is CVE-2025-38418?

A memory leak vulnerability exists in the Linux kernel's management of remote processors. When the function rproc_attach() is called, if rproc_handle_resources() fails, it does not properly release the clean_table associated with the remote processor. This oversight can lead to unreferenced memory allocations, ultimately causing resource exhaustion in the kernel. The failure to manage memory effectively can impact system stability and performance, particularly in environments relying heavily on remote processors.

Affected Version(s)

Linux 9dc9507f1880fb6225e3e058cb5219b152cbf198 < 3562c09feeb8d8e9d102ce6840e8c7d57a7feb5c

Linux 9dc9507f1880fb6225e3e058cb5219b152cbf198

Linux 9dc9507f1880fb6225e3e058cb5219b152cbf198 < 3ee979709e16a83b257bc9a544a7ff71fd445ea9

References

https://git.kernel.org/stable/c/3562c09feeb8d8e9d102ce684...

https://git.kernel.org/stable/c/bf876fd9dc2d0c9fff96aef63...

https://git.kernel.org/stable/c/3ee979709e16a83b257bc9a54...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Apr 16, 2025