5.5

CVE-2025-38384

mtd: spinand: fix memory leak of ECC engine conf

In the Linux kernel, the following vulnerability has been resolved:

mtd: spinand: fix memory leak of ECC engine conf

Memory allocated for the ECC engine conf is not released during spinand
cleanup. Below kmemleak trace is seen for this memory leak:

unreferenced object 0xffffff80064f00e0 (size 8):
  comm "swapper/0", pid 1, jiffies 4294937458
  hex dump (first 8 bytes):
    00 00 00 00 00 00 00 00                          ........
  backtrace (crc 0):
    kmemleak_alloc+0x30/0x40
    __kmalloc_cache_noprof+0x208/0x3c0
    spinand_ondie_ecc_init_ctx+0x114/0x200
    nand_ecc_init_ctx+0x70/0xa8
    nanddev_ecc_engine_init+0xec/0x27c
    spinand_probe+0xa2c/0x1620
    spi_mem_probe+0x130/0x21c
    spi_probe+0xf0/0x170
    really_probe+0x17c/0x6e8
    __driver_probe_device+0x17c/0x21c
    driver_probe_device+0x58/0x180
    __device_attach_driver+0x15c/0x1f8
    bus_for_each_drv+0xec/0x150
    __device_attach+0x188/0x24c
    device_initial_probe+0x10/0x20
    bus_probe_device+0x11c/0x160

Fix the leak by calling nanddev_ecc_engine_cleanup() inside
spinand_cleanup().
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 5.15.187
LinuxLinux Kernel Version >= 5.16 < 6.1.144
LinuxLinux Kernel Version >= 6.2 < 6.6.97
LinuxLinux Kernel Version >= 6.7 < 6.12.37
LinuxLinux Kernel Version >= 6.13 < 6.15.6
LinuxLinux Kernel Version6.16 Updaterc1
LinuxLinux Kernel Version6.16 Updaterc2
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.053
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/6463cbe08b0cbf9bba8763306764f5fd643023e1
Patch
https://git.kernel.org/stable/c/68d3417305ee100dcad90fd6e5846b22497aa394
Patch
https://git.kernel.org/stable/c/93147abf80a831dd3b5660b3309b4f09546073b2
Patch
https://git.kernel.org/stable/c/c40b207cafd006c610832ba52a81cedee77adcb9
Patch
https://git.kernel.org/stable/c/d5c1e3f32902ab518519d05515ee6030fd6c59ae
Patch
https://git.kernel.org/stable/c/f99408670407abb6493780e38cb4ece3fbb52cfc
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory