CVE-2025-38390

Commit e0573444edbf ("firmware: arm_ffa: Add interfaces to request notification callbacks") adds support for notifier callbacks by allocating and inserting a callback node into a hashtable during registration of notifiers. However, during unregistration, the code only removes the node from the hashtable without freeing the associated memory, resulting in a memory leak.

Resolve the memory leak issue by ensuring the allocated notifier callback node is properly freed after it is removed from the hashtable entry.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38390.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

e0573444edbf4ee7e3c191d3d08a4ccbd26628be

Fixed

076fa20b4f5737c34921dbb152f9efceaee571b2

Fixed

938827c440564b2cf2f9b804d1fe81ce8267eded

Fixed

a833d31ad867103ba72a0b73f3606f4ab8601719

Affected versions

v6.*

v6.10

v6.10-rc1

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.11

v6.11-rc1

v6.11-rc2

v6.11-rc3

v6.11-rc4

v6.11-rc5

v6.11-rc6

v6.11-rc7

v6.12

v6.12-rc1

v6.12-rc2

v6.12-rc3

v6.12-rc4

v6.12-rc5

v6.12-rc6

v6.12-rc7

v6.12.1

v6.12.10

v6.12.11

v6.12.12

v6.12.13

v6.12.14

v6.12.15

v6.12.16

v6.12.17

v6.12.18

v6.12.19

v6.12.2

v6.12.20

v6.12.21

v6.12.22

v6.12.23

v6.12.24

v6.12.25

v6.12.26

v6.12.27

v6.12.28

v6.12.29

v6.12.3

v6.12.30

v6.12.31

v6.12.32

v6.12.33

v6.12.34

v6.12.35

v6.12.36

v6.12.4

v6.12.5

v6.12.6

v6.12.7

v6.12.8

v6.12.9

v6.13

v6.13-rc1

v6.13-rc2

v6.13-rc3

v6.13-rc4

v6.13-rc5

v6.13-rc6

v6.13-rc7

v6.14

v6.14-rc1

v6.14-rc2

v6.14-rc3

v6.14-rc4

v6.14-rc5

v6.14-rc6

v6.14-rc7

v6.15

v6.15-rc1

v6.15-rc2

v6.15-rc3

v6.15-rc4

v6.15-rc5

v6.15-rc6

v6.15-rc7

v6.15.1

v6.15.2

v6.15.3

v6.15.4

v6.15.5

v6.16-rc1

v6.6

v6.6-rc2

v6.6-rc3

v6.6-rc4

v6.6-rc5

v6.6-rc6

v6.6-rc7

v6.7

v6.7-rc1

v6.7-rc2

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38390.json"

vanir_signatures

[
    {
        "signature_version": "v1",
        "target": {
            "file": "drivers/firmware/arm_ffa/driver.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@076fa20b4f5737c34921dbb152f9efceaee571b2",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "326567555706953984676691956449392793373",
                "127478976822890425869879746309906732411",
                "195450458434168174426513819238881437877",
                "228235234280515508436794143788611429281"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2025-38390-10230c07",
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "drivers/firmware/arm_ffa/driver.c",
            "function": "update_notifier_cb"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@076fa20b4f5737c34921dbb152f9efceaee571b2",
        "deprecated": false,
        "digest": {
            "function_hash": "224016096955207051309542643980611023511",
            "length": 510.0
        },
        "id": "CVE-2025-38390-adb0cf54",
        "signature_type": "Function"
    }
]