CVE-2025-38390

Published: Jul 25, 2025Modified: Nov 19, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Fix memory leak by freeing notifier callback node Commit e0573444edbf ("firmware: arm_ffa: Add interfaces to request notification callbacks") adds support for notifier callbacks by allocating and inserting a callback node into a hashtable during registration of notifiers. However, during unregistration, the code only removes the node from the hashtable without freeing the associated memory, resulting in a memory leak. Resolve the memory leak issue by ensuring the allocated notifier callback node is properly freed after it is removed from the hashtable entry.

Affected (6)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 6.13 to 6.15.6
Linux Linux Kernel	From 6.7 to 6.12.37
Linux Linux Kernel	Version 6.16 rc1
Linux Linux Kernel	Version 6.16 rc2
Linux Linux Kernel	Version 6.16 rc3
Linux Linux Kernel	Version 6.16 rc4

Related CWEs

CWE-401

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (3)

https://git.kernel.org/stable/c/076fa20b4f5737c34921dbb152f9efceaee571b2

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/938827c440564b2cf2f9b804d1fe81ce8267eded

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/a833d31ad867103ba72a0b73f3606f4ab8601719

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

Timeline

No history available yet.