{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38384","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:24.010Z","datePublished":"2025-07-25T12:53:25.396Z","dateUpdated":"2026-05-11T21:26:55.826Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:26:55.826Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: spinand: fix memory leak of ECC engine conf\n\nMemory allocated for the ECC engine conf is not released during spinand\ncleanup. Below kmemleak trace is seen for this memory leak:\n\nunreferenced object 0xffffff80064f00e0 (size 8):\n  comm \"swapper/0\", pid 1, jiffies 4294937458\n  hex dump (first 8 bytes):\n    00 00 00 00 00 00 00 00                          ........\n  backtrace (crc 0):\n    kmemleak_alloc+0x30/0x40\n    __kmalloc_cache_noprof+0x208/0x3c0\n    spinand_ondie_ecc_init_ctx+0x114/0x200\n    nand_ecc_init_ctx+0x70/0xa8\n    nanddev_ecc_engine_init+0xec/0x27c\n    spinand_probe+0xa2c/0x1620\n    spi_mem_probe+0x130/0x21c\n    spi_probe+0xf0/0x170\n    really_probe+0x17c/0x6e8\n    __driver_probe_device+0x17c/0x21c\n    driver_probe_device+0x58/0x180\n    __device_attach_driver+0x15c/0x1f8\n    bus_for_each_drv+0xec/0x150\n    __device_attach+0x188/0x24c\n    device_initial_probe+0x10/0x20\n    bus_probe_device+0x11c/0x160\n\nFix the leak by calling nanddev_ecc_engine_cleanup() inside\nspinand_cleanup()."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/mtd/nand/spi/core.c"],"versions":[{"version":"3d1f08b032dc4e168f3aefed1e07a63c3c080325","lessThan":"68d3417305ee100dcad90fd6e5846b22497aa394","status":"affected","versionType":"git"},{"version":"3d1f08b032dc4e168f3aefed1e07a63c3c080325","lessThan":"f99408670407abb6493780e38cb4ece3fbb52cfc","status":"affected","versionType":"git"},{"version":"3d1f08b032dc4e168f3aefed1e07a63c3c080325","lessThan":"d5c1e3f32902ab518519d05515ee6030fd6c59ae","status":"affected","versionType":"git"},{"version":"3d1f08b032dc4e168f3aefed1e07a63c3c080325","lessThan":"c40b207cafd006c610832ba52a81cedee77adcb9","status":"affected","versionType":"git"},{"version":"3d1f08b032dc4e168f3aefed1e07a63c3c080325","lessThan":"93147abf80a831dd3b5660b3309b4f09546073b2","status":"affected","versionType":"git"},{"version":"3d1f08b032dc4e168f3aefed1e07a63c3c080325","lessThan":"6463cbe08b0cbf9bba8763306764f5fd643023e1","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/mtd/nand/spi/core.c"],"versions":[{"version":"5.11","status":"affected"},{"version":"0","lessThan":"5.11","status":"unaffected","versionType":"semver"},{"version":"5.15.187","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.144","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.97","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.37","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.15.6","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.187"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"6.1.144"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"6.6.97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"6.12.37"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"6.15.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"6.16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/68d3417305ee100dcad90fd6e5846b22497aa394"},{"url":"https://git.kernel.org/stable/c/f99408670407abb6493780e38cb4ece3fbb52cfc"},{"url":"https://git.kernel.org/stable/c/d5c1e3f32902ab518519d05515ee6030fd6c59ae"},{"url":"https://git.kernel.org/stable/c/c40b207cafd006c610832ba52a81cedee77adcb9"},{"url":"https://git.kernel.org/stable/c/93147abf80a831dd3b5660b3309b4f09546073b2"},{"url":"https://git.kernel.org/stable/c/6463cbe08b0cbf9bba8763306764f5fd643023e1"}],"title":"mtd: spinand: fix memory leak of ECC engine conf","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T17:37:16.226Z"}}]}}