{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-38444", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:24.017Z", "datePublished": "2025-07-25T15:27:27.336Z", "dateUpdated": "2025-07-28T04:22:27.102Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-07-28T04:22:27.102Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nraid10: cleanup memleak at raid10_make_request\n\nIf raid10_read_request or raid10_write_request registers a new\nrequest and the REQ_NOWAIT flag is set, the code does not\nfree the malloc from the mempool.\n\nunreferenced object 0xffff8884802c3200 (size 192):\n comm \"fio\", pid 9197, jiffies 4298078271\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 88 41 02 00 00 00 00 00 .........A......\n 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc c1a049a2):\n __kmalloc+0x2bb/0x450\n mempool_alloc+0x11b/0x320\n raid10_make_request+0x19e/0x650 [raid10]\n md_handle_request+0x3b3/0x9e0\n __submit_bio+0x394/0x560\n __submit_bio_noacct+0x145/0x530\n submit_bio_noacct_nocheck+0x682/0x830\n __blkdev_direct_IO_async+0x4dc/0x6b0\n blkdev_read_iter+0x1e5/0x3b0\n __io_read+0x230/0x1110\n io_read+0x13/0x30\n io_issue_sqe+0x134/0x1180\n io_submit_sqes+0x48c/0xe90\n __do_sys_io_uring_enter+0x574/0x8b0\n do_syscall_64+0x5c/0xe0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nV4: changing backing tree to see if CKI tests will pass.\nThe patch code has not changed between any versions."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/md/raid10.c"], "versions": [{"version": "39db562b3fedb93978a7e42dd216b306740959f8", "lessThan": "10c6021a609deb95f23f0cc2f89aa9d4bffb14c7", "status": "affected", "versionType": "git"}, {"version": "c9aa889b035fca4598ae985a0f0c76ebbb547ad2", "lessThan": "9af149ca9d0dab6e59e813519d309eff62499864", "status": "affected", "versionType": "git"}, {"version": "c9aa889b035fca4598ae985a0f0c76ebbb547ad2", "lessThan": "8fc3d7b23d139e3cbc944c15d99b3cdbed797d2d", "status": "affected", "versionType": "git"}, {"version": "c9aa889b035fca4598ae985a0f0c76ebbb547ad2", "lessThan": "2941155d9a5ae098b480d551f3a5f8605d4f9af5", "status": "affected", "versionType": "git"}, {"version": "c9aa889b035fca4598ae985a0f0c76ebbb547ad2", "lessThan": "ed7bcd9f617e4107ac0813c516e72e6b8f6029bd", "status": "affected", "versionType": "git"}, {"version": "c9aa889b035fca4598ae985a0f0c76ebbb547ad2", "lessThan": "43806c3d5b9bb7d74ba4e33a6a8a41ac988bde24", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/md/raid10.c"], "versions": [{"version": "5.17", "status": "affected"}, {"version": "0", "lessThan": "5.17", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.189", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.146", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.99", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.39", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.15.7", "lessThanOrEqual": "6.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.111", "versionEndExcluding": "5.15.189"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "6.1.146"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "6.6.99"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "6.12.39"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "6.15.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "6.16"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/10c6021a609deb95f23f0cc2f89aa9d4bffb14c7"}, {"url": "https://git.kernel.org/stable/c/9af149ca9d0dab6e59e813519d309eff62499864"}, {"url": "https://git.kernel.org/stable/c/8fc3d7b23d139e3cbc944c15d99b3cdbed797d2d"}, {"url": "https://git.kernel.org/stable/c/2941155d9a5ae098b480d551f3a5f8605d4f9af5"}, {"url": "https://git.kernel.org/stable/c/ed7bcd9f617e4107ac0813c516e72e6b8f6029bd"}, {"url": "https://git.kernel.org/stable/c/43806c3d5b9bb7d74ba4e33a6a8a41ac988bde24"}], "title": "raid10: cleanup memleak at raid10_make_request", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nraid10: cleanup memleak at raid10_make_request\n\nIf raid10_read_request or raid10_write_request registers a new\nrequest and the REQ_NOWAIT flag is set, the code does not\nfree the malloc from the mempool.\n\nunreferenced object 0xffff8884802c3200 (size 192):\n comm \"fio\", pid 9197, jiffies 4298078271\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 88 41 02 00 00 00 00 00 .........A......\n 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc c1a049a2):\n __kmalloc+0x2bb/0x450\n mempool_alloc+0x11b/0x320\n raid10_make_request+0x19e/0x650 [raid10]\n md_handle_request+0x3b3/0x9e0\n __submit_bio+0x394/0x560\n __submit_bio_noacct+0x145/0x530\n submit_bio_noacct_nocheck+0x682/0x830\n __blkdev_direct_IO_async+0x4dc/0x6b0\n blkdev_read_iter+0x1e5/0x3b0\n __io_read+0x230/0x1110\n io_read+0x13/0x30\n io_issue_sqe+0x134/0x1180\n io_submit_sqes+0x48c/0xe90\n __do_sys_io_uring_enter+0x574/0x8b0\n do_syscall_64+0x5c/0xe0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nV4: changing backing tree to see if CKI tests will pass.\nThe patch code has not changed between any versions."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: raid10: limpieza de fuga de memoria en raid10_make_request Si raid10_read_request o raid10_write_request registra una nueva solicitud y el indicador REQ_NOWAIT est\u00e1 configurado, el c\u00f3digo no libera el malloc del grupo de memoria. objeto sin referencia 0xffff8884802c3200 (tama\u00f1o 192): comm \"fio\", pid 9197, jiffies 4298078271 volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 88 41 02 00 00 00 00 00 .........A...... 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ seguimiento inverso (crc c1a049a2): __kmalloc+0x2bb/0x450 mempool_alloc+0x11b/0x320 raid10_make_request+0x19e/0x650 [raid10] md_handle_request+0x3b3/0x9e0 __submit_bio+0x394/0x560 __submit_bio_noacct+0x145/0x530 submit_bio_noacct_nocheck+0x682/0x830 __blkdev_direct_IO_async+0x4dc/0x6b0 blkdev_read_iter+0x1e5/0x3b0 __io_read+0x230/0x1110 io_read+0x13/0x30 io_issue_sqe+0x134/0x1180 io_submit_sqes+0x48c/0xe90 __do_sys_io_uring_enter+0x574/0x8b0 do_syscall_64+0x5c/0xe0 entry_SYSCALL_64_after_hwframe+0x76/0x7e V4: Se modific\u00f3 el \u00e1rbol de respaldo para comprobar si las pruebas CKI superan las pruebas. El c\u00f3digo del parche no ha cambiado entre versiones."}], "id": "CVE-2025-38444", "lastModified": "2025-07-29T14:14:55.157", "metrics": {}, "published": "2025-07-25T16:15:29.860", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/10c6021a609deb95f23f0cc2f89aa9d4bffb14c7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2941155d9a5ae098b480d551f3a5f8605d4f9af5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/43806c3d5b9bb7d74ba4e33a6a8a41ac988bde24"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8fc3d7b23d139e3cbc944c15d99b3cdbed797d2d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9af149ca9d0dab6e59e813519d309eff62499864"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ed7bcd9f617e4107ac0813c516e72e6b8f6029bd"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: raid10: cleanup memleak at raid10_make_request", "id": "2383510", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383510"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nraid10: cleanup memleak at raid10_make_request\nIf raid10_read_request or raid10_write_request registers a new\nrequest and the REQ_NOWAIT flag is set, the code does not\nfree the malloc from the mempool.\nunreferenced object 0xffff8884802c3200 (size 192):\ncomm \"fio\", pid 9197, jiffies 4298078271\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 88 41 02 00 00 00 00 00 .........A......\n08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\nbacktrace (crc c1a049a2):\n__kmalloc+0x2bb/0x450\nmempool_alloc+0x11b/0x320\nraid10_make_request+0x19e/0x650 [raid10]\nmd_handle_request+0x3b3/0x9e0\n__submit_bio+0x394/0x560\n__submit_bio_noacct+0x145/0x530\nsubmit_bio_noacct_nocheck+0x682/0x830\n__blkdev_direct_IO_async+0x4dc/0x6b0\nblkdev_read_iter+0x1e5/0x3b0\n__io_read+0x230/0x1110\nio_read+0x13/0x30\nio_issue_sqe+0x134/0x1180\nio_submit_sqes+0x48c/0xe90\n__do_sys_io_uring_enter+0x574/0x8b0\ndo_syscall_64+0x5c/0xe0\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nV4: changing backing tree to see if CKI tests will pass.\nThe patch code has not changed between any versions."], "name": "CVE-2025-38444", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-07-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-38444\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38444\nhttps://lore.kernel.org/linux-cve-announce/2025072503-CVE-2025-38444-4b60@gregkh/T"], "threat_severity": "Moderate"}