Memory Leak in Linux Kernel Remote Procedure Handling
CVE-2025-38419

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 July 2025

What is CVE-2025-38419?

A vulnerability exists in the Linux kernel's remote procedure handling that may lead to a memory leak. Specifically, when the rproc_attach() function is called while the remote processor state is RPROC_DETACHED, a failure in rproc_handle_resources() does not trigger the release of resources allocated during rproc_attach(). This oversight can lead to unreferenced objects persisting in memory, ultimately causing a leak. The fix involves refining the control flow to ensure that the resource cleanup process is invoked correctly under failure conditions, preventing unnecessary resource occupation.

Affected Version(s)

Linux 10a3d4079eaea06472f1981152e2840e7232ffa9

Linux 10a3d4079eaea06472f1981152e2840e7232ffa9 < 82208ce9505abb057afdece7c62a14687c52c9ca

Linux 10a3d4079eaea06472f1981152e2840e7232ffa9 < 9515d74c9d1ae7308a02e8bd4f894eb8137cf8df

References

https://git.kernel.org/stable/c/c56d6ef2711ee51b54f160ad0...

https://git.kernel.org/stable/c/82208ce9505abb057afdece7c...

https://git.kernel.org/stable/c/9515d74c9d1ae7308a02e8bd4...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Apr 16, 2025