CVE-2025-40209Missing Release of Memory after Effective Lifetime in Linux

15 documents6 sources
Severity
N/A
No vector
EPSS
0.0%
top 94.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedNov 21
Latest updateFeb 24

Description

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory leak of qgroup_list in btrfs_add_qgroup_relation When btrfs_add_qgroup_relation() is called with invalid qgroup levels (src >= dst), the function returns -EINVAL directly without freeing the preallocated qgroup_list structure passed by the caller. This causes a memory leak because the caller unconditionally sets the pointer to NULL after the call, preventing any cleanup. The issue occurs because the level va

Affected Packages5 packages

Linuxlinux/linux_kernel6.11.06.12.58+1
Debianlinux/linux_kernel< 6.12.63-1+1
Ubuntulinux/linux_kernel< 6.17.0-14.14
CVEListV5linux/linux4addc1ffd67ad34394674dc91379dc04cfdd25373412d0e973e8f8381747d69033eda809a57a2581+3
debiandebian/linux< linux 6.17.8-1 (forky)

🔴Vulnerability Details

8
OSV
linux-azure vulnerabilities2026-02-24
OSV
linux-oem-6.17 vulnerabilities2026-02-17
OSV
linux-aws, linux-oracle vulnerabilities2026-02-17
OSV
linux-gcp vulnerabilities2026-02-12
OSV
linux, linux-raspi, linux-realtime vulnerabilities2026-02-12

📋Vendor Advisories

6
Ubuntu
Linux kernel (Azure) vulnerabilities2026-02-24
Ubuntu
Linux kernel (OEM) vulnerabilities2026-02-17
Ubuntu
Linux kernel (GCP) vulnerabilities2026-02-12
Ubuntu
Linux kernel vulnerabilities2026-02-12
Red Hat
kernel: btrfs: fix memory leak of qgroup_list in btrfs_add_qgroup_relation2025-11-21