Acknowledged
Created: Jul 11, 2025
Updated: Jul 14, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]ACPICA: fix acpi parse and parseext cache leaks[EOL][EOL]ACPICA commit 8829e70e1360c81e7a5a901b5d4f48330e021ea5[EOL][EOL]I'm Seunghun Han, and I work for National Security Research Institute of[EOL]South Korea.[EOL][EOL]I have been doing a research on ACPI and found an ACPI cache leak in ACPI[EOL]early abort cases.[EOL][EOL]Boot log of ACPI cache leak is as follows:[EOL][ 0.352414] ACPI: Added _OSI(Module Device)[EOL][ 0.353182] ACPI: Added _OSI(Processor Device)[EOL][ 0.353182] ACPI: Added _OSI(3.0 _SCP Extensions)[EOL][ 0.353182] ACPI: Added _OSI(Processor Aggregator Device)[EOL][ 0.356028] ACPI: Unable to start the ACPI Interpreter[EOL][ 0.356799] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)[EOL][ 0.360215] kmem_cache_destroy Acpi-State: Slab cache still has objects[EOL][ 0.360648] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W[EOL]4.12.0-rc4-next-20170608+ #10[EOL][ 0.361273] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS[EOL]virtual_box 12/01/2006[EOL][ 0.361873] Call Trace:[EOL][ 0.362243] ? dump_stack+0x5c/0x81[EOL][ 0.362591] ? kmem_cache_destroy+0x1aa/0x1c0[EOL][ 0.362944] ? acpi_sleep_proc_init+0x27/0x27[EOL][ 0.363296] ? acpi_os_delete_cache+0xa/0x10[EOL][ 0.363646] ? acpi_ut_delete_caches+0x6d/0x7b[EOL][ 0.364000] ? acpi_terminate+0xa/0x14[EOL][ 0.364000] ? acpi_init+0x2af/0x34f[EOL][ 0.364000] ? __class_create+0x4c/0x80[EOL][ 0.364000] ? video_setup+0x7f/0x7f[EOL][ 0.364000] ? acpi_sleep_proc_init+0x27/0x27[EOL][ 0.364000] ? do_one_initcall+0x4e/0x1a0[EOL][ 0.364000] ? kernel_init_freeable+0x189/0x20a[EOL][ 0.364000] ? rest_init+0xc0/0xc0[EOL][ 0.364000] ? kernel_init+0xa/0x100[EOL][ 0.364000] ? ret_from_fork+0x25/0x30[EOL][EOL]I analyzed this memory leak in detail. I found that â\x80\x9cAcpi-Stateâ\x80\x9d cache and[EOL]â\x80\x9cAcpi-Parseâ\x80\x9d cache were merged because the size of cache objects was same[EOL]slab cache size.[EOL][EOL]I finally found â\x80\x9cAcpi-Parseâ\x80\x9d cache and â\x80\x9cAcpi-parse_extâ\x80\x9d cache were leaked[EOL]using SLAB_NEVER_MERGE flag in kmem_cache_create() function.[EOL][EOL]Real ACPI cache leak point is as follows:[EOL][ 0.360101] ACPI: Added _OSI(Module Device)[EOL][ 0.360101] ACPI: Added _OSI(Processor Device)[EOL][ 0.360101] ACPI: Added _OSI(3.0 _SCP Extensions)[EOL][ 0.361043] ACPI: Added _OSI(Processor Aggregator Device)[EOL][ 0.364016] ACPI: Unable to start the ACPI Interpreter[EOL][ 0.365061] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)[EOL][ 0.368174] kmem_cache_destroy Acpi-Parse: Slab cache still has objects[EOL][ 0.369332] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G W[EOL]4.12.0-rc4-next-20170608+ #8[EOL][ 0.371256] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS[EOL]virtual_box 12/01/2006[EOL][ 0.372000] Call Trace:[EOL][ 0.372000] ? dump_stack+0x5c/0x81[EOL][ 0.372000] ? kmem_cache_destroy+0x1aa/0x1c0[EOL][ 0.372000] ? acpi_sleep_proc_init+0x27/0x27[EOL][ 0.372000] ? acpi_os_delete_cache+0xa/0x10[EOL][ 0.372000] ? acpi_ut_delete_caches+0x56/0x7b[EOL][ 0.372000] ? acpi_terminate+0xa/0x14[EOL][ 0.372000] ? acpi_init+0x2af/0x34f[EOL][ 0.372000] ? __class_create+0x4c/0x80[EOL][ 0.372000] ? video_setup+0x7f/0x7f[EOL][ 0.372000] ? acpi_sleep_proc_init+0x27/0x27[EOL][ 0.372000] ? do_one_initcall+0x4e/0x1a0[EOL][ 0.372000] ? kernel_init_freeable+0x189/0x20a[EOL][ 0.372000] ? rest_init+0xc0/0xc0[EOL][ 0.372000] ? kernel_init+0xa/0x100[EOL][ 0.372000] ? ret_from_fork+0x25/0x30[EOL][ 0.388039] kmem_cache_destroy Acpi-parse_ext: Slab cache still has objects[EOL][ 0.389063] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G W[EOL]4.12.0-rc4-next-20170608+ #8[EOL][ 0.390557] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS[EOL]virtual_box 12/01/2006[EOL][ 0.392000] Call Trace:[EOL][ 0.392000] ? dump_stack+0x5c/0x81[EOL][ 0.392000] ? kmem_cache_destroy+0x1aa/0x1c0[EOL][ 0.392000] ? acpi_sleep_proc_init+0x27/0x27[EOL][ 0.392000] ? acpi_os_delete_cache+0xa/0x10[EOL][ 0.392000] ? acpi_ut_delete_caches+0x6d/0x7b[EOL][ 0.392000] ? acpi_terminate+0xa/0x14[EOL][ 0.392000] ? acpi_init+0x2af/0x3[EOL]---truncated---
CREATE(Triage):(User=admin) [CVE-2025-38344 (https://nvd.nist.gov/vuln/detail/CVE-2025-38344)
