CVE-2025-38015

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-38015
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix memory leak in error handling path of idxd_alloc Memory allocated for idxd is not freed if an error occurs during idxd_alloc(). To fix it, free the allocated memory in the reverse order of allocation before exiting the function in case of an error.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/46a5cca76c76c86063000a12936f8e7875295838 Patch
https://git.kernel.org/stable/c/4f005eb68890698e5abc6a3af04dab76f175c50c Patch
https://git.kernel.org/stable/c/64afd9a1f644b27661420257dcc007d5009c99dd Patch
https://git.kernel.org/stable/c/6e94a2c3e4c166cd2736ac225fba5889fb1e8ac0 Patch
https://git.kernel.org/stable/c/868dbce755ec92855362d213f47e045a8388361a Patch
https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.15:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.15:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.15:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.15:rc6:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
History

17 Dec 2025, 19:54

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/46a5cca76c76c86063000a12936f8e7875295838 - () https://git.kernel.org/stable/c/46a5cca76c76c86063000a12936f8e7875295838 - Patch
References () https://git.kernel.org/stable/c/4f005eb68890698e5abc6a3af04dab76f175c50c - () https://git.kernel.org/stable/c/4f005eb68890698e5abc6a3af04dab76f175c50c - Patch
References () https://git.kernel.org/stable/c/64afd9a1f644b27661420257dcc007d5009c99dd - () https://git.kernel.org/stable/c/64afd9a1f644b27661420257dcc007d5009c99dd - Patch
References () https://git.kernel.org/stable/c/6e94a2c3e4c166cd2736ac225fba5889fb1e8ac0 - () https://git.kernel.org/stable/c/6e94a2c3e4c166cd2736ac225fba5889fb1e8ac0 - Patch
References () https://git.kernel.org/stable/c/868dbce755ec92855362d213f47e045a8388361a - () https://git.kernel.org/stable/c/868dbce755ec92855362d213f47e045a8388361a - Patch
References () https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html - () https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html - Third Party Advisory
CPE cpe:2.3:o:linux:linux_kernel:6.15:rc5:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.15:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.15:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.15:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*
CWE CWE-401
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
First Time Linux
Debian
Debian debian Linux
Linux linux Kernel

03 Nov 2025, 20:18

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dmaengine: idxd: se corrige una fuga de memoria en la ruta de gestión de errores de idxd_alloc. La memoria asignada a idxd no se libera si se produce un error durante idxd_alloc(). Para solucionarlo, libere la memoria asignada en orden inverso a la asignación antes de salir de la función en caso de error.
References
  • () https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html -

18 Jun 2025, 10:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-06-18 10:15

Updated : 2025-12-17 19:54

NVD link : CVE-2025-38015

Mitre link : CVE-2025-38015

CVE.ORG link : CVE-2025-38015

JSON object : View

Products Affected

debian

  • debian_linux

linux

  • linux_kernel
CWE
CWE-401

Missing Release of Memory after Effective Lifetime