CVE-2025-38405
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
nvmet: fix memory leak of bio integrity
If nvmet receives commands with metadata there is a continuous memory leak of kmalloc-128 slab or more precisely bio->bi_integrity.
Since commit bf4c89fc8797 ("block: don't call bio_uninit from bio_endio") each user of bio_init has to use bio_uninit as well. Otherwise the bio integrity is not getting free. Nvmet uses bio_init for inline bios.
Uninit the inline bio to complete deallocation of integrity in bio.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | bf4c89fc8797f5c0964a0c3d561fbe7e8483b62f < 431e58d56fcb5ff1f9eb630724a922e0d2a941df | affected |
| Linux | Linux | bf4c89fc8797f5c0964a0c3d561fbe7e8483b62f < 2e2028fcf924d1c6df017033c8d6e28b735a0508 | affected |
| Linux | Linux | bf4c89fc8797f5c0964a0c3d561fbe7e8483b62f < 190f4c2c863af7cc5bb354b70e0805f06419c038 | affected |
| Linux | Linux | 64149da0fddbbfe43e11c0348d8c8b4171dae3a2 | affected |
| Linux | Linux | 6.10.10 < 6.11 | affected |
| Linux | Linux | 6.11 | affected |
| Linux | Linux | 0 < 6.11 | unaffected |
| Linux | Linux | 6.12.37 <= 6.12.* | unaffected |
| Linux | Linux | 6.15.6 <= 6.15.* | unaffected |
| Linux | Linux | 6.16 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/431e58d56fcb5ff1f9eb630724a922e0d2a941df
- https://git.kernel.org/stable/c/2e2028fcf924d1c6df017033c8d6e28b735a0508
- https://git.kernel.org/stable/c/190f4c2c863af7cc5bb354b70e0805f06419c038
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.