CVE-2025-38549

Published: Aug 16, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths When processing mount options, efivarfs allocates efivarfs_fs_info (sfi) early in fs_context initialization. However, sfi is associated with the superblock and typically freed when the superblock is destroyed. If the fs_context is released (final put) before fill_super is called—such as on error paths or during reconfiguration—the sfi structure would leak, as ownership never transfers to the superblock. Implement the .free callback in efivarfs_context_ops to ensure any allocated sfi is properly freed if the fs_context is torn down before fill_super, preventing this memory leak.

Vendor	Product	Versions
Linux	Linux	affected `5329aa5101f73c451bcd48deaf3f296685849d9c - < 816d36973467d1c9c08a48bdffe4675e219a2e84` affected `5329aa5101f73c451bcd48deaf3f296685849d9c - < e9fabe7036bb8be6071f39dc38605508f5f57b20` affected `5329aa5101f73c451bcd48deaf3f296685849d9c - < 64e135f1eaba0bbb0cdee859af3328c68d5b9789`
Linux	Linux	affected `6.7` unaffected `0 - < 6.7` unaffected `6.12.40 - <= 6.12.` unaffected `6.15.8 - <= 6.15.` unaffected `6.16 - <= *`

References

https://git.kernel.org/stable/c/816d36973467d1c9c08a48bdffe4675e219a2e84

https://git.kernel.org/stable/c/e9fabe7036bb8be6071f39dc38605508f5f57b20

https://git.kernel.org/stable/c/64e135f1eaba0bbb0cdee859af3328c68d5b9789

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-38549

Description

Affected Products

References