Memory Leak Vulnerability in Linux Kernel's efivarfs Module
CVE-2025-38549

Currently unrated

Key Information:

Vendor

Linux

Status
Vendor
CVE Published: 16 August 2025

What is CVE-2025-38549?

The efivarfs module in the Linux kernel leaks memory because the efivarfs_fs_info structure is not freed on error-handling paths. The leak occurs when mount options are processed and the fs_context is released before fill_super is executed: the efivarfs_fs_info structure that was already allocated stays in memory and is never reclaimed. The fix frees any allocated structure when the fs_context is torn down prematurely, which improves the stability and performance of the system.
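The ownership pattern behind this leak, as an added userspace model that is not the kernel's code or the upstream patch: a mount context allocates a private structure, hands it to the superblock only if fill_super runs, and must free it itself when option parsing fails first. All type and function names below are hypothetical stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model of the ownership pattern; every name here is a
 * hypothetical stand-in, not a kernel symbol. */
static int live_allocs;                      /* outstanding fs_info objects */

struct fs_info { int uid; };
struct fs_ctx {
    struct fs_info *s_fs_info;               /* owned by ctx until fill_super */
    void (*free_hook)(struct fs_ctx *);      /* teardown callback, may be NULL */
};
struct super { struct fs_info *s_fs_info; };

static int parse_param(const char *opt)      /* accepts only "uid=<n>" */
{
    return strncmp(opt, "uid=", 4) == 0 ? 0 : -22;
}

static void fill_super(struct super *sb, struct fs_ctx *fc)
{
    sb->s_fs_info = fc->s_fs_info;           /* ownership moves to the superblock */
    fc->s_fs_info = NULL;
}

static void fixed_free(struct fs_ctx *fc)    /* the fix: free what ctx still owns */
{
    if (fc->s_fs_info) { free(fc->s_fs_info); fc->s_fs_info = NULL; live_allocs--; }
}

/* One mount attempt; returns how many fs_info objects were left allocated. */
static int try_mount(const char *opt, void (*hook)(struct fs_ctx *))
{
    struct fs_ctx fc = { calloc(1, sizeof(struct fs_info)), hook };
    struct super sb = { NULL };
    if (!fc.s_fs_info) return -1;
    live_allocs = 1;
    if (parse_param(opt) == 0) fill_super(&sb, &fc);   /* else: error path */
    if (fc.free_hook) fc.free_hook(&fc);               /* context teardown */
    if (sb.s_fs_info) { free(sb.s_fs_info); live_allocs--; }  /* unmount */
    int leaked = live_allocs;
    free(fc.s_fs_info);          /* model only: reclaim so the demo stays clean */
    return leaked;
}

int main(void)
{
    printf("no teardown hook, bad option: %d leaked\n", try_mount("bogus", NULL));
    printf("with teardown hook, bad option: %d leaked\n", try_mount("bogus", fixed_free));
    return 0;
}
```

The successful-mount path leaves nothing behind in either variant, which is why a leak of this kind only shows up when failed mount attempts are exercised.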

Affected Version(s)

Linux 5329aa5101f73c451bcd48deaf3f296685849d9c < 816d36973467d1c9c08a48bdffe4675e219a2e84

Linux 5329aa5101f73c451bcd48deaf3f296685849d9c

Linux 5329aa5101f73c451bcd48deaf3f296685849d9c < 64e135f1eaba0bbb0cdee859af3328c68d5b9789

Timeline

  • Vulnerability published

  • Vulnerability Reserved
