5.5
CVE-2025-38405
- EPSS 0.16%
- Veröffentlicht 25.07.2025 14:15:32
- Zuletzt bearbeitet 19.11.2025 18:18:34
- CVE-Watchlists
- Unerledigt
nvmet: fix memory leak of bio integrity
In the Linux kernel, the following vulnerability has been resolved:
nvmet: fix memory leak of bio integrity
If nvmet receives commands with metadata there is a continuous memory
leak of kmalloc-128 slab or more precisely bio->bi_integrity.
Since commit bf4c89fc8797 ("block: don't call bio_uninit from bio_endio")
each user of bio_init has to use bio_uninit as well. Otherwise the bio
integrity is not getting free. Nvmet uses bio_init for inline bios.
Uninit the inline bio to complete deallocation of integrity in bio.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.10.10 < 6.12.37
Linux ≫ Linux Kernel Version >= 6.13 < 6.15.6
Linux ≫ Linux Kernel Version6.16 Updaterc1
Linux ≫ Linux Kernel Version6.16 Updaterc2
Linux ≫ Linux Kernel Version6.16 Updaterc3
Linux ≫ Linux Kernel Version6.16 Updaterc4
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.051 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://git.kernel.org/stable/c/190f4c2c863af7cc5bb354b70e0805f06419c038
https://git.kernel.org/stable/c/2e2028fcf924d1c6df017033c8d6e28b735a0508
https://git.kernel.org/stable/c/431e58d56fcb5ff1f9eb630724a922e0d2a941df