CVE-2025-39679

MEDIUM

Linux Kernel < 6.6.103 - Memory Leak

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor(). When the nvif_vmm_type is invalid, we will return error directly without freeing the args in nvif_vmm_ctor(), which leading a memory leak. Fix it by setting the ret -EINVAL and goto done.

References (4)

[Patch] https://git.kernel.org/stable/c/72553fe19317fe93cb8591c83095c446bc7fe292

[Patch] https://git.kernel.org/stable/c/7d9110e3b35d08832661da1a1fc2d24455981a04

[Patch] https://git.kernel.org/stable/c/bb8aeaa3191b617c6faf8ae937252e059673b7ea

[Patch] https://git.kernel.org/stable/c/cabcb52d76d3d42f16c344a96e098dd9d18602f8

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 4.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-401

Status published

Products (5)

linux/Kernel 6.13.0 - 6.16.4linux

linux/Kernel 6.6.0 - 6.6.103linux

linux/Kernel 6.7.0 - 6.12.44linux

linux/linux_kernel 6.17 rc1 (2 CPE variants)

linux/linux_kernel 6.6 - 6.6.103

Published Sep 05, 2025

Tracked Since Feb 18, 2026