CVE-2025-38258

mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write

Description

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write memcg_path_store() assigns a newly allocated memory buffer to filter->memcg_path, without deallocating the previously allocated and assigned memory buffer. As a result, users can leak kernel memory by continuously writing a data to memcg_path DAMOS sysfs file. Fix the leak by deallocating the previously set memory buffer.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/490a43d07f1663d827e802720d30cbc0494e4f81
https://git.kernel.org/stable/c/c5d5b0047b0c0f304608f3824139f7bd34c48413
https://git.kernel.org/stable/c/4a158ac0538dd5695eeaa00aa0720d711f3e4ef1
https://git.kernel.org/stable/c/4f489fe6afb395dbc79840efa3c05440b760d883

Frequently Asked Questions

What is the severity of CVE-2025-38258?
CVE-2025-38258 has not yet been assigned a CVSS score.
How to fix CVE-2025-38258?
To fix CVE-2025-38258, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-38258 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-38258 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-38258?
CVE-2025-38258 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.