CVE-2025-39834

Published: Sep 16, 2025Modified: Jan 14, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: HWS, Fix memory leak in hws_action_get_shared_stc_nic error flow When an invalid stc_type is provided, the function allocates memory for shared_stc but jumps to unlock_and_out without freeing it, causing a memory leak. Fix by jumping to free_shared_stc label instead to ensure proper cleanup.

Affected (4)

Products: Linux: Linux Kernel

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 6.12 to 6.16.5
Linux Linux Kernel	Version 6.17 rc1
Linux Linux Kernel	Version 6.17 rc2
Linux Linux Kernel	Version 6.17 rc3

Related CWEs

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (2)

https://git.kernel.org/stable/c/051fd8576a2e4e95d5870c5c9f8679c5b16882e4

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/a630f83592cdad1253523a1b760cfe78fef6cd9c

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

Timeline

No history available yet.