CVE-2025-38419

{"id": "CVE-2025-38419", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-07-25T14:15:33.727", "references": [{"url": "https://git.kernel.org/stable/c/5434d9f2fd68722b514c14b417b53a8af02c4d24", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7692c9fbedd9087dc9050903f58095915458d9b1", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/82208ce9505abb057afdece7c62a14687c52c9ca", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/92776ca0ccfe78b9bfe847af206bad641fb11121", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9515d74c9d1ae7308a02e8bd4f894eb8137cf8df", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c56d6ef2711ee51b54f160ad0f25a381561f0287", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "tags": ["Third Party Advisory", "Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach()\n\nWhen rproc->state = RPROC_DETACHED and rproc_attach() is used\nto attach to the remote processor, if rproc_handle_resources()\nreturns a failure, the resources allocated by imx_rproc_prepare()\nshould be released, otherwise the following memory leak will occur.\n\nSince almost the same thing is done in imx_rproc_prepare() and\nrproc_resource_cleanup(), Function rproc_resource_cleanup() is able\nto deal with empty lists so it is better to fix the \"goto\" statements\nin rproc_attach(). replace the \"unprepare_device\" goto statement with\n\"clean_up_resources\" and get rid of the \"unprepare_device\" label.\n\nunreferenced object 0xffff0000861c5d00 (size 128):\ncomm \"kworker/u12:3\", pid 59, jiffies 4294893509 (age 149.220s)\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n00 00 02 88 00 00 00 00 00 00 10 00 00 00 00 00 ............\nbacktrace:\n [<00000000f949fe18>] slab_post_alloc_hook+0x98/0x37c\n [<00000000adbfb3e7>] __kmem_cache_alloc_node+0x138/0x2e0\n [<00000000521c0345>] kmalloc_trace+0x40/0x158\n [<000000004e330a49>] rproc_mem_entry_init+0x60/0xf8\n [<000000002815755e>] imx_rproc_prepare+0xe0/0x180\n [<0000000003f61b4e>] rproc_boot+0x2ec/0x528\n [<00000000e7e994ac>] rproc_add+0x124/0x17c\n [<0000000048594076>] imx_rproc_probe+0x4ec/0x5d4\n [<00000000efc298a1>] platform_probe+0x68/0xd8\n [<00000000110be6fe>] really_probe+0x110/0x27c\n [<00000000e245c0ae>] __driver_probe_device+0x78/0x12c\n [<00000000f61f6f5e>] driver_probe_device+0x3c/0x118\n [<00000000a7874938>] __device_attach_driver+0xb8/0xf8\n [<0000000065319e69>] bus_for_each_drv+0x84/0xe4\n [<00000000db3eb243>] __device_attach+0xfc/0x18c\n [<0000000072e4e1a4>] device_initial_probe+0x14/0x20"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: remoteproc: core: Limpieza de recursos adquiridos cuando rproc_handle_resources() falla en rproc_attach(). Cuando rproc-&gt;state = RPROC_DETACHED y rproc_attach() se usa para conectarse al procesador remoto, si rproc_handle_resources() falla, se deben liberar los recursos asignados por imx_rproc_prepare(); de lo contrario, se producir\u00e1 la siguiente fuga de memoria. Dado que se realiza pr\u00e1cticamente lo mismo en imx_rproc_prepare() y rproc_resource_cleanup(), la funci\u00f3n rproc_resource_cleanup() puede procesar listas vac\u00edas, por lo que es recomendable corregir las instrucciones \"goto\" en rproc_attach(). Reemplace la instrucci\u00f3n goto \"unprepare_device\" por \"clean_up_resources\" y elimine la etiqueta \"unprepare_device\". unreferenced object 0xffff0000861c5d00 (size 128): comm \"kworker/u12:3\", pid 59, jiffies 4294893509 (age 149.220s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 02 88 00 00 00 00 00 00 10 00 00 00 00 00 ............ backtrace: [&lt;00000000f949fe18&gt;] slab_post_alloc_hook+0x98/0x37c [&lt;00000000adbfb3e7&gt;] __kmem_cache_alloc_node+0x138/0x2e0 [&lt;00000000521c0345&gt;] kmalloc_trace+0x40/0x158 [&lt;000000004e330a49&gt;] rproc_mem_entry_init+0x60/0xf8 [&lt;000000002815755e&gt;] imx_rproc_prepare+0xe0/0x180 [&lt;0000000003f61b4e&gt;] rproc_boot+0x2ec/0x528 [&lt;00000000e7e994ac&gt;] rproc_add+0x124/0x17c [&lt;0000000048594076&gt;] imx_rproc_probe+0x4ec/0x5d4 [&lt;00000000efc298a1&gt;] platform_probe+0x68/0xd8 [&lt;00000000110be6fe&gt;] really_probe+0x110/0x27c [&lt;00000000e245c0ae&gt;] __driver_probe_device+0x78/0x12c [&lt;00000000f61f6f5e&gt;] driver_probe_device+0x3c/0x118 [&lt;00000000a7874938&gt;] __device_attach_driver+0xb8/0xf8 [&lt;0000000065319e69&gt;] bus_for_each_drv+0x84/0xe4 [&lt;00000000db3eb243&gt;] __device_attach+0xfc/0x18c [&lt;0000000072e4e1a4&gt;] device_initial_probe+0x14/0x20"}], "lastModified": "2025-12-23T18:42:25.333", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00B21655-6B0B-41EB-84F7-135E6E3F32F4", "versionEndExcluding": "5.15.186", "versionStartIncluding": "5.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "459B4E94-FE0E-434D-B782-95E3A5FFC6B1", "versionEndExcluding": "6.1.142", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5E01853-7048-4D78-9479-9AEE41AC8456", "versionEndExcluding": "6.6.95", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E569FD34-0076-4428-BE17-EECCF867611C", "versionEndExcluding": "6.12.35", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFD174C5-1AA2-4671-BDDC-1A9FCC753655", "versionEndExcluding": "6.15.4", "versionStartIncluding": "6.13"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}