CVE-2025-38409

Published: Jul 25, 2025Modified: Dec 23, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix another leak in the submit error path put_unused_fd() doesn't free the installed file, if we've already done fd_install(). So we need to also free the sync_file. Patchwork: https://patchwork.freedesktop.org/patch/653583/

Affected (7)

Products: Linux: Linux Kernel · Debian: Debian Linux

1 product

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 3.12 to 6.1.144
Linux Linux Kernel	From 6.13 to 6.15.6
Linux Linux Kernel	From 6.2 to 6.6.97
Linux Linux Kernel	From 6.7 to 6.12.37
Linux Linux Kernel	Version 6.16 rc1
Linux Linux Kernel	Version 6.16 rc2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 11.0

Related CWEs

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (6)

https://git.kernel.org/stable/c/00b3401f692082ddf6342500d1be25560bba46d4

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/30d3819b0b9173e31b84d662a592af8bad351427

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/3f6ce8433a9035b0aa810e1f5b708e9dc1c367b0

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/c40ad1c04d306f7fde26337fdcf8a5979657d93f

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/f681c2aa8676a890eacc84044717ab0fd26e058f

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.