CVE-2025-38390

firmware: arm_ffa: Fix memory leak by freeing notifier callback node

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Fix memory leak by freeing notifier callback node Commit e0573444edbf ("firmware: arm_ffa: Add interfaces to request
notification callbacks") adds support for notifier callbacks by allocating
and inserting a callback node into a hashtable during registration of
notifiers. However, during unregistration, the code only removes the
node from the hashtable without freeing the associated memory, resulting
in a memory leak. Resolve the memory leak issue by ensuring the allocated notifier callback
node is properly freed after it is removed from the hashtable entry.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firmware: arm_ffa: Corregir fuga de memoria liberando el nodo de devolución de llamada del notificador. El commit e0573444edbf ("firmware: arm_ffa: Añadir interfaces para solicitar devoluciones de llamada de notificación") añade compatibilidad con devoluciones de llamada de notificador mediante la asignación e inserción de un nodo de devolución de llamada en una tabla hash durante el registro de notificadores. Sin embargo, al anular el registro, el código solo elimina el nodo de la tabla hash sin liberar la memoria asociada, lo que provoca una fuga de memoria. Para resolver el problema de fuga de memoria, asegúrese de que el nodo de devolución de llamada del notificador asignado se libere correctamente tras eliminarlo de la entrada de la tabla hash.

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Fix...

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-04-16 CVE Reserved
2025-07-25 CVE Published
2025-07-28 CVE Updated
2025-07-31 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (4)

URL	Tag	Source
https://git.kernel.org/stable/c/e0573444edbf4ee7e3c191d3d08a4ccbd26628be	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/076fa20b4f5737c34921dbb152f9efceaee571b2	2025-07-10
https://git.kernel.org/stable/c/938827c440564b2cf2f9b804d1fe81ce8267eded	2025-07-10
https://git.kernel.org/stable/c/a833d31ad867103ba72a0b73f3606f4ab8601719	2025-06-09

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.7 < 6.12.37 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.12.37"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.7 < 6.15.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.15.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.7 < 6.16 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.16"		en		Affected