CVE-2025-38014
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-11-14
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | 6.15 |
| linux | linux_kernel | 6.15 |
| linux | linux_kernel | 6.15 |
| linux | linux_kernel | 6.15 |
| linux | linux_kernel | 6.15 |
| linux | linux_kernel | 6.15 |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability relates to the Linux kernel's dmaengine idxd driver. The issue was that the remove call did not properly use the idxd_cleanup() helper, which is responsible for cleaning up performance monitoring, interrupts, and internal structures. The fix refactors the remove call to use idxd_cleanup(), preventing code duplication and addressing missing put_device() calls for idxd groups, engines, and work queues. Essentially, it corrects resource cleanup to avoid potential issues.
How can this vulnerability impact me? :
Improper cleanup of device resources such as performance monitors, interrupts, and internal structures could lead to resource leaks or instability in the Linux kernel's dmaengine idxd driver. This might cause system instability, crashes, or degraded performance related to device management.