CVE-2025-40017: Missing Release of Memory after Effective Lifetime in Linux

6 documents, 5 sources

Severity: N/A (no vector)
EPSS: 0.0% (top 92.05%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 20

Description

In the Linux kernel, the following vulnerability has been resolved:

media: iris: Fix memory leak by freeing untracked persist buffer

One internal buffer which is allocated only once per session was not being freed during session close because it was not being tracked as part of internal buffer list which resulted in a memory leak.

Add the necessary logic to explicitly free the untracked internal buffer during session close to ensure all allocated memory is released properly.

Affected Packages (4 packages)

Linux | linux/linux_kernel | 6.15.0 | 6.16.11 | +1
Debian | linux/linux_kernel | < 6.16.11-1
CVEListV5 | linux/linux | 73702f45db81b74897b2808aaa13484826156006 | c9e024e907cafafd6b094f69a0d0f5d18fd28876 | +3
debian | debian/linux | < linux 6.16.11-1 (forky)

🔴 Vulnerability Details (3)

GHSA: GHSA-p74f-qpqg-5w8f: In the Linux kernel, the following vulnerability has been resolved: media: iris: Fix memory leak by freeing untracked persist buffer One internal bu (2025-10-20)
OSV: media: iris: Fix memory leak by freeing untracked persist buffer (2025-10-20)
OSV: CVE-2025-40017: In the Linux kernel, the following vulnerability has been resolved: media: iris: Fix memory leak by freeing untracked persist buffer One internal buff (2025-10-20)

📋 Vendor Advisories (2)

Red Hat: kernel: media: iris: Fix memory leak by freeing untracked persist buffer (2025-10-20)
Debian: CVE-2025-40017: linux - In the Linux kernel, the following vulnerability has been resolved: media: iris... (2025)