CVE-2025-38575

MEDIUM

Linux Kernel - Memory Leak via Improper AEAD Request Freeing

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use aead_request_free to match aead_request_alloc Use aead_request_free() instead of kfree() to properly free memory allocated by aead_request_alloc(). This ensures sensitive crypto data is zeroed before being freed.

References (8)

Core 8

Core References

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

Patch

https://git.kernel.org/stable/c/571b342d4688801fc1f6a1934389dac09425dc93

Patch

https://git.kernel.org/stable/c/a6b594868268c3a7bfaeced912525cd2c445529a

Patch

https://git.kernel.org/stable/c/1de7fec4d3012672e31eeb6679ea60f7ca010ef9

Patch

https://git.kernel.org/stable/c/3e341dbd5f5a6e5a558e67da80731dc38a7f758c

Patch

https://git.kernel.org/stable/c/aef10ccd74512c52e30c5ee19d0031850973e78d

Patch

https://git.kernel.org/stable/c/46caeae23035192b9cc41872c827f30d0233f16e

Patch

https://git.kernel.org/stable/c/6171063e9d046ffa46f51579b2ca4a43caef581a

Scores

CVSS v3 5.5

EPSS 0.0013

EPSS Percentile 31.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published

Products (24)

debian/debian_linux 11.0

linux/Kernel 5.15.0 - 5.15.180linux

linux/Kernel 5.16.0 - 6.1.134linux

linux/Kernel 6.13.0 - 6.13.11linux

linux/Kernel 6.14.0 - 6.14.2linux

linux/Kernel 6.2.0 - 6.6.87linux

linux/Kernel 6.7.0 - 6.12.23linux

Linux/Linux < 5.15

Linux/Linux 5.15

Linux/Linux 5.15.180 - 5.15.*

... and 14 more

Published Apr 18, 2025

Tracked Since Feb 18, 2026