5.5
CVE-2025-38390
- EPSS 0.15%
- Veröffentlicht 25.07.2025 13:15:28
- Zuletzt bearbeitet 19.11.2025 20:10:33
- CVE-Watchlists
- Unerledigt
firmware: arm_ffa: Fix memory leak by freeing notifier callback node
In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_ffa: Fix memory leak by freeing notifier callback node
Commit e0573444edbf ("firmware: arm_ffa: Add interfaces to request
notification callbacks") adds support for notifier callbacks by allocating
and inserting a callback node into a hashtable during registration of
notifiers. However, during unregistration, the code only removes the
node from the hashtable without freeing the associated memory, resulting
in a memory leak.
Resolve the memory leak issue by ensuring the allocated notifier callback
node is properly freed after it is removed from the hashtable entry.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.37
Linux ≫ Linux Kernel Version >= 6.13 < 6.15.6
Linux ≫ Linux Kernel Version6.16 Updaterc1
Linux ≫ Linux Kernel Version6.16 Updaterc2
Linux ≫ Linux Kernel Version6.16 Updaterc3
Linux ≫ Linux Kernel Version6.16 Updaterc4
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.049 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://git.kernel.org/stable/c/076fa20b4f5737c34921dbb152f9efceaee571b2
https://git.kernel.org/stable/c/938827c440564b2cf2f9b804d1fe81ce8267eded
https://git.kernel.org/stable/c/a833d31ad867103ba72a0b73f3606f4ab8601719