CVE-2025-38549

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-38549
In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths When processing mount options, efivarfs allocates efivarfs_fs_info (sfi) early in fs_context initialization. However, sfi is associated with the superblock and typically freed when the superblock is destroyed. If the fs_context is released (final put) before fill_super is called—such as on error paths or during reconfiguration—the sfi structure would leak, as ownership never transfers to the superblock. Implement the .free callback in efivarfs_context_ops to ensure any allocated sfi is properly freed if the fs_context is torn down before fill_super, preventing this memory leak.
CVSS

No CVSS.

References
Link Resource
https://git.kernel.org/stable/c/64e135f1eaba0bbb0cdee859af3328c68d5b9789
https://git.kernel.org/stable/c/816d36973467d1c9c08a48bdffe4675e219a2e84
https://git.kernel.org/stable/c/e9fabe7036bb8be6071f39dc38605508f5f57b20
Configurations

No configuration.

History

18 Aug 2025, 20:16

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: efivarfs: corrige la pérdida de memoria de efivarfs_fs_info en las rutas de error de fs_context Al procesar las opciones de montaje, efivarfs asigna efivarfs_fs_info (sfi) al principio de la inicialización de fs_context. Sin embargo, sfi está asociado al superbloque y normalmente se libera cuando este se destruye. Si se libera fs_context (posición final) antes de llamar a fill_super (como en rutas de error o durante la reconfiguración), la estructura sfi se filtraría, ya que la propiedad nunca se transfiere al superbloque. Implementa la devolución de llamada .free en efivarfs_context_ops para garantizar que cualquier sfi asignado se libere correctamente si fs_context se derriba antes que fill_super, lo que previene esta pérdida de memoria.

16 Aug 2025, 12:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-16 12:15

Updated : 2025-08-18 20:16

NVD link : CVE-2025-38549

Mitre link : CVE-2025-38549

CVE.ORG link : CVE-2025-38549

JSON object : View

Products Affected

No product.

CWE

No CWE.