SB2025082842 - Memory leak in Linux kernel pci hotplug driver
Published: August 28, 2025
Security Bulletin ID
SB2025082842
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2025-38624)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pnv_php_register(), pnv_php_disable_irq(), pnv_php_free_slot(), pnv_php_reset_slot(), pnv_php_disable_slot(), pnv_php_alloc_slot() and pnv_php_init_irq() functions in drivers/pci/hotplug/pnv_php.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1773c19fa55e944cdd2634e2d9e552f87f2d38d5
- https://git.kernel.org/stable/c/28aa3cfce12487614219e7667ec84424e1f43227
- https://git.kernel.org/stable/c/32173edf3fe2d447e14e5e3b299387c6f9602a88
- https://git.kernel.org/stable/c/398170b7fd0e0db2f8096df5206c75e5ff41415a
- https://git.kernel.org/stable/c/4668619092554e1b95c9a5ac2941ca47ba6d548a
- https://git.kernel.org/stable/c/bbd302c4b79df10197ffa7270ca3aa572eeca33c