CVE-2025-38258 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write

memcg_path_store() assigns a newly allocated memory buffer to
filter->memcg_path, without deallocating the previously allocated and
assigned memory buffer. As a result, users can leak kernel memory by
continuously writing a data to memcg_path DAMOS sysfs file. Fix the leak
by deallocating the previously set memory buffer.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00025.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux	Linux Kernel

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/490a43d07f1663d827e802720d30cbc0494e4f81
https://git.kernel.org/stable/c/4a158ac0538dd5695eeaa00aa0720d711f3e4ef1
https://git.kernel.org/stable/c/4f489fe6afb395dbc79840efa3c05440b760d883
https://git.kernel.org/stable/c/c5d5b0047b0c0f304608f3824139f7bd34c48413
https://lore.kernel.org/linux-cve-announce/2025070936-CVE-2025-38258-4e00@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-38258
https://www.cve.org/CVERecord?id=CVE-2025-38258

History

Tue, 15 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00018}`	epss `{'score': 0.00023}`

Thu, 10 Jul 2025 00:45:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025070936-CVE-2025-38258-4e00@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-38258 https://www.cve.org/CVERecord?id=CVE-2025-38258
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Wed, 09 Jul 2025 10:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write memcg_path_store() assigns a newly allocated memory buffer to filter->memcg_path, without deallocating the previously allocated and assigned memory buffer. As a result, users can leak kernel memory by continuously writing a data to memcg_path DAMOS sysfs file. Fix the leak by deallocating the previously set memory buffer.
Title		mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write
References		https://git.kernel.org/stable/c/490a43d07f1663d827e802720d30cbc0494e4f81 https://git.kernel.org/stable/c/4a158ac0538dd5695eeaa00aa0720d711f3e4ef1 https://git.kernel.org/stable/c/4f489fe6afb395dbc79840efa3c05440b760d883 https://git.kernel.org/stable/c/c5d5b0047b0c0f304608f3824139f7bd34c48413

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-07-09T10:42:35.000Z

Updated: 2025-07-28T04:16:23.939Z

Reserved: 2025-04-16T04:51:23.997Z

Link: CVE-2025-38258

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-07-09T11:15:28.110

Modified: 2025-07-10T13:17:30.017

Link: CVE-2025-38258

Redhat

Severity : Moderate

Publid Date: 2025-07-09T00:00:00Z

Links: CVE-2025-38258 - Bugzilla

OpenCVE Enrichment

Updated: 2025-07-13T21:08:10Z

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object