Wind River Support Network

Fixed

LIN1022-16760 : Security Advisory - linux - CVE-2025-38384

Created: Jul 28, 2025    Updated: Aug 28, 2025
Resolved Date: Aug 28, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

mtd: spinand: fix memory leak of ECC engine conf

Memory allocated for the ECC engine conf is not released during spinand
cleanup. Below kmemleak trace is seen for this memory leak:

unreferenced object 0xffffff80064f00e0 (size 8):
  comm "swapper/0", pid 1, jiffies 4294937458
  hex dump (first 8 bytes):
    00 00 00 00 00 00 00 00                          ........
  backtrace (crc 0):
    kmemleak_alloc+0x30/0x40
    __kmalloc_cache_noprof+0x208/0x3c0
    spinand_ondie_ecc_init_ctx+0x114/0x200
    nand_ecc_init_ctx+0x70/0xa8
    nanddev_ecc_engine_init+0xec/0x27c
    spinand_probe+0xa2c/0x1620
    spi_mem_probe+0x130/0x21c
    spi_probe+0xf0/0x170
    really_probe+0x17c/0x6e8
    __driver_probe_device+0x17c/0x21c
    driver_probe_device+0x58/0x180
    __device_attach_driver+0x15c/0x1f8
    bus_for_each_drv+0xec/0x150
    __device_attach+0x188/0x24c
    device_initial_probe+0x10/0x20
    bus_probe_device+0x11c/0x160

Fix the leak by calling nanddev_ecc_engine_cleanup() inside
spinand_cleanup().
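
Added example (not part of the advisory or the kernel patch): a Python parser for kmemleak reports in the format shown above, which flags records whose backtrace passes through both nanddev_ecc_engine_init and spinand_probe, the path in the advisory's trace. The sample input is constructed: its first record is abridged from the trace above, and the second record, including the name example_driver_open, is invented for contrast.

```python
import re

# Constructed sample: record 1 is abridged from the advisory's trace,
# record 2 (example_driver_open) is invented for contrast.
SAMPLE = """\
unreferenced object 0xffffff80064f00e0 (size 8):
  comm "swapper/0", pid 1, jiffies 4294937458
  hex dump (first 8 bytes):
    00 00 00 00 00 00 00 00                          ........
  backtrace (crc 0):
    kmemleak_alloc+0x30/0x40
    __kmalloc_cache_noprof+0x208/0x3c0
    spinand_ondie_ecc_init_ctx+0x114/0x200
    nand_ecc_init_ctx+0x70/0xa8
    nanddev_ecc_engine_init+0xec/0x27c
    spinand_probe+0xa2c/0x1620
unreferenced object 0xffffff8001234500 (size 64):
  comm "kworker/0:1", pid 42, jiffies 4294940000
  backtrace (crc 1a2b3c4d):
    kmemleak_alloc+0x30/0x40
    __kmalloc_noprof+0x1f0/0x3a0
    example_driver_open+0x44/0x90
"""

HEADER = re.compile(r"^unreferenced object (0x[0-9a-f]+) \(size (\d+)\):")
# Frame lines are "func+0xoff/0xsize", optionally prefixed by "[<addr>] ".
FRAME = re.compile(r"^\s+(?:\[<[0-9a-f]+>\] )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
# Frames belonging to kmemleak or the slab allocator, not to the real caller.
ALLOCATOR = re.compile(r"^_*(kmemleak_|k[mz]alloc|kmem_cache_|kmemdup|kstrdup)")

def parse_kmemleak(text):
    """Split a kmemleak dump into records with address, size and frame names."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append({"addr": m.group(1), "size": int(m.group(2)), "frames": []})
        elif records and (m := FRAME.match(line)):
            records[-1]["frames"].append(m.group(1))
    return records

def alloc_site(record):
    """First frame that is not kmemleak or allocator plumbing."""
    return next((f for f in record["frames"] if not ALLOCATOR.match(f)), None)

def matches_advisory(record):
    """True if the allocation came from ECC engine init during spinand probe."""
    frames = record["frames"]
    return "nanddev_ecc_engine_init" in frames and "spinand_probe" in frames
```

On a kernel built with CONFIG_DEBUG_KMEMLEAK, pass the contents of /sys/kernel/debug/kmemleak to parse_kmemleak() instead of SAMPLE.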

CVE-2025-38384 (https://nvd.nist.gov/vuln/detail/CVE-2025-38384)