PT-2025-30822 · Linux+7 · Linux Kernel+7

Published

2025-05-16

Updated

2025-11-25

CVE-2025-38417

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A memory leak was identified in the ice module within the Linux kernel, specifically in the reset scenario involving eswitch code. The issue occurs during Virtual Function (VF) detach/attach procedures when the device is configured in switchdev mode. Memory was allocated without proper freeing when operating in legacy mode, leading to a memory leak. The ice repr create and ice eswitch attach vf functions are involved in the process.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

ALSA-2025:14420

ALSA-2025:14510

BDU:2025-09132

CVE-2025-38417

INFSA-2025_14420

OPENSUSE-SU-2025:20081-1

RHSA-2025:14420

RHSA-2025:14510

RHSA-2025_14420

SUSE-SU-2025:02853-1

SUSE-SU-2025:02997-1

SUSE-SU-2025:03011-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

SUSE-SU-2025_02853-1

SUSE-SU-2025_02997-1

SUSE-SU-2025_03011-1

USN-7833-1

USN-7833-2

USN-7833-3

USN-7833-4

USN-7834-1

USN-7856-1

Affected Products

Almalinux

Astra Linux

Linuxmint

Linux Kernel

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2025-30822 · Linux+7 · Linux Kernel+7

CVE-2025-38417

Weakness Enumeration

Related Identifiers

Affected Products

References · 1648