{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-38418", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:24.014Z", "datePublished": "2025-07-25T14:05:42.836Z", "dateUpdated": "2026-05-11T21:27:36.154Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:27:36.154Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: core: Release rproc->clean_table after rproc_attach() fails\n\nWhen rproc->state = RPROC_DETACHED is attached to remote processor\nthrough rproc_attach(), if rproc_handle_resources() returns failure,\nthen the clean table should be released, otherwise the following\nmemory leak will occur.\n\nunreferenced object 0xffff000086a99800 (size 1024):\ncomm \"kworker/u12:3\", pid 59, jiffies 4294893670 (age 121.140s)\nhex dump (first 32 bytes):\n00 00 00 00 00 80 00 00 00 00 00 00 00 00 10 00 ............\n00 00 00 00 00 00 08 00 00 00 00 00 00 00 00 00 ............\nbacktrace:\n [<000000008bbe4ca8>] slab_post_alloc_hook+0x98/0x3fc\n [<000000003b8a272b>] __kmem_cache_alloc_node+0x13c/0x230\n [<000000007a507c51>] __kmalloc_node_track_caller+0x5c/0x260\n [<0000000037818dae>] kmemdup+0x34/0x60\n [<00000000610f7f57>] rproc_boot+0x35c/0x56c\n [<0000000065f8871a>] rproc_add+0x124/0x17c\n [<00000000497416ee>] imx_rproc_probe+0x4ec/0x5d4\n [<000000003bcaa37d>] platform_probe+0x68/0xd8\n [<00000000771577f9>] really_probe+0x110/0x27c\n [<00000000531fea59>] __driver_probe_device+0x78/0x12c\n [<0000000080036a04>] driver_probe_device+0x3c/0x118\n [<000000007e0bddcb>] __device_attach_driver+0xb8/0xf8\n [<000000000cf1fa33>] bus_for_each_drv+0x84/0xe4\n [<000000001a53b53e>] __device_attach+0xfc/0x18c\n [<00000000d1a2a32c>] device_initial_probe+0x14/0x20\n [<00000000d8f8b7ae>] bus_probe_device+0xb0/0xb4\n unreferenced object 0xffff0000864c9690 (size 16):"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/remoteproc/remoteproc_core.c"], "versions": [{"version": "9dc9507f1880fb6225e3e058cb5219b152cbf198", "lessThan": "3562c09feeb8d8e9d102ce6840e8c7d57a7feb5c", "status": "affected", "versionType": "git"}, {"version": "9dc9507f1880fb6225e3e058cb5219b152cbf198", "lessThan": "bf876fd9dc2d0c9fff96aef63d4346719f206fc1", "status": "affected", "versionType": "git"}, {"version": "9dc9507f1880fb6225e3e058cb5219b152cbf198", "lessThan": "3ee979709e16a83b257bc9a544a7ff71fd445ea9", "status": "affected", "versionType": "git"}, {"version": "9dc9507f1880fb6225e3e058cb5219b152cbf198", "lessThan": "f4ef928ca504c996f9222eb2c59ac6d6eefd9c75", "status": "affected", "versionType": "git"}, {"version": "9dc9507f1880fb6225e3e058cb5219b152cbf198", "lessThan": "6fe9486d709e4a60990843832501ef6556440ca7", "status": "affected", "versionType": "git"}, {"version": "9dc9507f1880fb6225e3e058cb5219b152cbf198", "lessThan": "bcd241230fdbc6005230f80a4f8646ff5a84f15b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/remoteproc/remoteproc_core.c"], "versions": [{"version": "5.13", "status": "affected"}, {"version": "0", "lessThan": "5.13", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.186", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.142", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.95", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.35", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.15.4", "lessThanOrEqual": "6.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "5.15.186"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.1.142"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.6.95"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.12.35"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.15.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.16"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/3562c09feeb8d8e9d102ce6840e8c7d57a7feb5c"}, {"url": "https://git.kernel.org/stable/c/bf876fd9dc2d0c9fff96aef63d4346719f206fc1"}, {"url": "https://git.kernel.org/stable/c/3ee979709e16a83b257bc9a544a7ff71fd445ea9"}, {"url": "https://git.kernel.org/stable/c/f4ef928ca504c996f9222eb2c59ac6d6eefd9c75"}, {"url": "https://git.kernel.org/stable/c/6fe9486d709e4a60990843832501ef6556440ca7"}, {"url": "https://git.kernel.org/stable/c/bcd241230fdbc6005230f80a4f8646ff5a84f15b"}], "title": "remoteproc: core: Release rproc->clean_table after rproc_attach() fails", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T17:37:48.750Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "00B21655-6B0B-41EB-84F7-135E6E3F32F4", "versionEndExcluding": "5.15.186", "versionStartIncluding": "5.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "459B4E94-FE0E-434D-B782-95E3A5FFC6B1", "versionEndExcluding": "6.1.142", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5E01853-7048-4D78-9479-9AEE41AC8456", "versionEndExcluding": "6.6.95", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E569FD34-0076-4428-BE17-EECCF867611C", "versionEndExcluding": "6.12.35", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DFD174C5-1AA2-4671-BDDC-1A9FCC753655", "versionEndExcluding": "6.15.4", "versionStartIncluding": "6.13", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: core: Release rproc->clean_table after rproc_attach() fails\n\nWhen rproc->state = RPROC_DETACHED is attached to remote processor\nthrough rproc_attach(), if rproc_handle_resources() returns failure,\nthen the clean table should be released, otherwise the following\nmemory leak will occur.\n\nunreferenced object 0xffff000086a99800 (size 1024):\ncomm \"kworker/u12:3\", pid 59, jiffies 4294893670 (age 121.140s)\nhex dump (first 32 bytes):\n00 00 00 00 00 80 00 00 00 00 00 00 00 00 10 00 ............\n00 00 00 00 00 00 08 00 00 00 00 00 00 00 00 00 ............\nbacktrace:\n [<000000008bbe4ca8>] slab_post_alloc_hook+0x98/0x3fc\n [<000000003b8a272b>] __kmem_cache_alloc_node+0x13c/0x230\n [<000000007a507c51>] __kmalloc_node_track_caller+0x5c/0x260\n [<0000000037818dae>] kmemdup+0x34/0x60\n [<00000000610f7f57>] rproc_boot+0x35c/0x56c\n [<0000000065f8871a>] rproc_add+0x124/0x17c\n [<00000000497416ee>] imx_rproc_probe+0x4ec/0x5d4\n [<000000003bcaa37d>] platform_probe+0x68/0xd8\n [<00000000771577f9>] really_probe+0x110/0x27c\n [<00000000531fea59>] __driver_probe_device+0x78/0x12c\n [<0000000080036a04>] driver_probe_device+0x3c/0x118\n [<000000007e0bddcb>] __device_attach_driver+0xb8/0xf8\n [<000000000cf1fa33>] bus_for_each_drv+0x84/0xe4\n [<000000001a53b53e>] __device_attach+0xfc/0x18c\n [<00000000d1a2a32c>] device_initial_probe+0x14/0x20\n [<00000000d8f8b7ae>] bus_probe_device+0xb0/0xb4\n unreferenced object 0xffff0000864c9690 (size 16):"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: remoteproc: core: Liberar rproc-&gt;clean_table despu\u00e9s de que rproc_attach() falla Cuando rproc-&gt;state = RPROC_DETACHED se adjunta al procesador remoto a trav\u00e9s de rproc_attach(), si rproc_handle_resources() devuelve un error, entonces se debe liberar la tabla limpia; de lo contrario, se producir\u00e1 la siguiente p\u00e9rdida de memoria. unreferenced object 0xffff000086a99800 (size 1024): comm \"kworker/u12:3\", pid 59, jiffies 4294893670 (age 121.140s) hex dump (first 32 bytes): 00 00 00 00 00 80 00 00 00 00 00 00 00 00 10 00 ............ 00 00 00 00 00 00 08 00 00 00 00 00 00 00 00 00 ............ backtrace: [&lt;000000008bbe4ca8&gt;] slab_post_alloc_hook+0x98/0x3fc [&lt;000000003b8a272b&gt;] __kmem_cache_alloc_node+0x13c/0x230 [&lt;000000007a507c51&gt;] __kmalloc_node_track_caller+0x5c/0x260 [&lt;0000000037818dae&gt;] kmemdup+0x34/0x60 [&lt;00000000610f7f57&gt;] rproc_boot+0x35c/0x56c [&lt;0000000065f8871a&gt;] rproc_add+0x124/0x17c [&lt;00000000497416ee&gt;] imx_rproc_probe+0x4ec/0x5d4 [&lt;000000003bcaa37d&gt;] platform_probe+0x68/0xd8 [&lt;00000000771577f9&gt;] really_probe+0x110/0x27c [&lt;00000000531fea59&gt;] __driver_probe_device+0x78/0x12c [&lt;0000000080036a04&gt;] driver_probe_device+0x3c/0x118 [&lt;000000007e0bddcb&gt;] __device_attach_driver+0xb8/0xf8 [&lt;000000000cf1fa33&gt;] bus_for_each_drv+0x84/0xe4 [&lt;000000001a53b53e&gt;] __device_attach+0xfc/0x18c [&lt;00000000d1a2a32c&gt;] device_initial_probe+0x14/0x20 [&lt;00000000d8f8b7ae&gt;] bus_probe_device+0xb0/0xb4 unreferenced object 0xffff0000864c9690 (size 16):"}], "id": "CVE-2025-38418", "lastModified": "2025-12-23T18:42:58.530", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-07-25T14:15:33.603", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3562c09feeb8d8e9d102ce6840e8c7d57a7feb5c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3ee979709e16a83b257bc9a544a7ff71fd445ea9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6fe9486d709e4a60990843832501ef6556440ca7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bcd241230fdbc6005230f80a4f8646ff5a84f15b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bf876fd9dc2d0c9fff96aef63d4346719f206fc1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f4ef928ca504c996f9222eb2c59ac6d6eefd9c75"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: remoteproc: core: Release rproc->clean_table after rproc_attach() fails", "id": "2383453", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383453"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nremoteproc: core: Release rproc->clean_table after rproc_attach() fails\nWhen rproc->state = RPROC_DETACHED is attached to remote processor\nthrough rproc_attach(), if rproc_handle_resources() returns failure,\nthen the clean table should be released, otherwise the following\nmemory leak will occur.\nunreferenced object 0xffff000086a99800 (size 1024):\ncomm \"kworker/u12:3\", pid 59, jiffies 4294893670 (age 121.140s)\nhex dump (first 32 bytes):\n00 00 00 00 00 80 00 00 00 00 00 00 00 00 10 00 ............\n00 00 00 00 00 00 08 00 00 00 00 00 00 00 00 00 ............\nbacktrace:\n[<000000008bbe4ca8>] slab_post_alloc_hook+0x98/0x3fc\n[<000000003b8a272b>] __kmem_cache_alloc_node+0x13c/0x230\n[<000000007a507c51>] __kmalloc_node_track_caller+0x5c/0x260\n[<0000000037818dae>] kmemdup+0x34/0x60\n[<00000000610f7f57>] rproc_boot+0x35c/0x56c\n[<0000000065f8871a>] rproc_add+0x124/0x17c\n[<00000000497416ee>] imx_rproc_probe+0x4ec/0x5d4\n[<000000003bcaa37d>] platform_probe+0x68/0xd8\n[<00000000771577f9>] really_probe+0x110/0x27c\n[<00000000531fea59>] __driver_probe_device+0x78/0x12c\n[<0000000080036a04>] driver_probe_device+0x3c/0x118\n[<000000007e0bddcb>] __device_attach_driver+0xb8/0xf8\n[<000000000cf1fa33>] bus_for_each_drv+0x84/0xe4\n[<000000001a53b53e>] __device_attach+0xfc/0x18c\n[<00000000d1a2a32c>] device_initial_probe+0x14/0x20\n[<00000000d8f8b7ae>] bus_probe_device+0xb0/0xb4\nunreferenced object 0xffff0000864c9690 (size 16):"], "name": "CVE-2025-38418", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-07-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-38418\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38418\nhttps://lore.kernel.org/linux-cve-announce/2025072546-CVE-2025-38418-7af0@gregkh/T"], "threat_severity": "Low"}

{"created": "2025-07-26T11:22:04.650653+00:00", "updated": "2025-07-26T11:22:04.650704+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}