CVE-2025-38549
MEDIUM EPSS 3.2%
Published Aug 16, 202510mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Published Aug 16, 2025 10mo ago
Last Modified Jun 17, 2026 2w ago
Description
In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths When processing mount options, efivarfs allocates efivarfs_fs_info (sfi) early in fs_context initialization. However, sfi is associated with the superblock and typically freed when the superblock is destroyed. If the fs_context is released (final put) before fill_super is called—such as on error paths or during reconfiguration—the sfi structure would leak, as ownership never transfers to the superblock. Implement the .free callback in efivarfs_context_ops to ensure any allocated sfi is properly freed if the fs_context is torn down before fill_super, preventing this memory leak.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
3.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-401
Affected Products 8
References 3
- git.kernel.org https://git.kernel.org/stable/c/64e135f1eaba0bbb0cdee859af3328c68d5b9789
- git.kernel.org https://git.kernel.org/stable/c/816d36973467d1c9c08a48bdffe4675e219a2e84
- git.kernel.org https://git.kernel.org/stable/c/e9fabe7036bb8be6071f39dc38605508f5f57b20
Remediation
- git.kernel.org https://git.kernel.org/stable/c/64e135f1eaba0bbb0cdee859af3328c68d5b9789
- git.kernel.org https://git.kernel.org/stable/c/816d36973467d1c9c08a48bdffe4675e219a2e84
- git.kernel.org https://git.kernel.org/stable/c/e9fabe7036bb8be6071f39dc38605508f5f57b20