{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "88ac00f5a841dcfc5c682000f4a6add0add8caac"
            },
            {
              "fixed": "1e0e629e88b1f7751ce69bf70cda6d1598d45271"
            },
            {
              "fixed": "41afebc9a0762aafc35d2df88f4e1b798155a940"
            },
            {
              "fixed": "960236150cd3f08e13b397dd5ae4ccf7a2986c00"
            },
            {
              "fixed": "0a119fdaed67566aa3e0b5222dced4d08bbce463"
            },
            {
              "fixed": "1fee4324b5660de080cefc3fc91c371543bdb8f6"
            },
            {
              "fixed": "198c2dab022e5e94a99fff267b669d693bc7bb49"
            },
            {
              "fixed": "3e0c59180ec83bdec43b3d3482cff23d86d380d0"
            },
            {
              "fixed": "bed18f0bdcd6737a938264a59d67923688696fc4"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38344.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: fix acpi parse and parseext cache leaks\n\nACPICA commit 8829e70e1360c81e7a5a901b5d4f48330e021ea5\n\nI'm Seunghun Han, and I work for National Security Research Institute of\nSouth Korea.\n\nI have been doing research on ACPI and found an ACPI cache leak in ACPI\nearly abort cases.\n\nBoot log of ACPI cache leak is as follows:\n[    0.352414] ACPI: Added _OSI(Module Device)\n[    0.353182] ACPI: Added _OSI(Processor Device)\n[    0.353182] ACPI: Added _OSI(3.0 _SCP Extensions)\n[    0.353182] ACPI: Added _OSI(Processor Aggregator Device)\n[    0.356028] ACPI: Unable to start the ACPI Interpreter\n[    0.356799] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n[    0.360215] kmem_cache_destroy Acpi-State: Slab cache still has objects\n[    0.360648] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G        W\n4.12.0-rc4-next-20170608+ #10\n[    0.361273] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[    0.361873] Call Trace:\n[    0.362243]  ? dump_stack+0x5c/0x81\n[    0.362591]  ? kmem_cache_destroy+0x1aa/0x1c0\n[    0.362944]  ? acpi_sleep_proc_init+0x27/0x27\n[    0.363296]  ? acpi_os_delete_cache+0xa/0x10\n[    0.363646]  ? acpi_ut_delete_caches+0x6d/0x7b\n[    0.364000]  ? acpi_terminate+0xa/0x14\n[    0.364000]  ? acpi_init+0x2af/0x34f\n[    0.364000]  ? __class_create+0x4c/0x80\n[    0.364000]  ? video_setup+0x7f/0x7f\n[    0.364000]  ? acpi_sleep_proc_init+0x27/0x27\n[    0.364000]  ? do_one_initcall+0x4e/0x1a0\n[    0.364000]  ? kernel_init_freeable+0x189/0x20a\n[    0.364000]  ? rest_init+0xc0/0xc0\n[    0.364000]  ? kernel_init+0xa/0x100\n[    0.364000]  ? ret_from_fork+0x25/0x30\n\nI analyzed this memory leak in detail. I found that “Acpi-State” cache and\n“Acpi-Parse” cache were merged because the size of cache objects was the same\nslab cache size.\n\nI finally found “Acpi-Parse” cache and “Acpi-parse_ext” cache were leaked\nusing SLAB_NEVER_MERGE flag in kmem_cache_create() function.\n\nReal ACPI cache leak point is as follows:\n[    0.360101] ACPI: Added _OSI(Module Device)\n[    0.360101] ACPI: Added _OSI(Processor Device)\n[    0.360101] ACPI: Added _OSI(3.0 _SCP Extensions)\n[    0.361043] ACPI: Added _OSI(Processor Aggregator Device)\n[    0.364016] ACPI: Unable to start the ACPI Interpreter\n[    0.365061] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n[    0.368174] kmem_cache_destroy Acpi-Parse: Slab cache still has objects\n[    0.369332] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G        W\n4.12.0-rc4-next-20170608+ #8\n[    0.371256] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[    0.372000] Call Trace:\n[    0.372000]  ? dump_stack+0x5c/0x81\n[    0.372000]  ? kmem_cache_destroy+0x1aa/0x1c0\n[    0.372000]  ? acpi_sleep_proc_init+0x27/0x27\n[    0.372000]  ? acpi_os_delete_cache+0xa/0x10\n[    0.372000]  ? acpi_ut_delete_caches+0x56/0x7b\n[    0.372000]  ? acpi_terminate+0xa/0x14\n[    0.372000]  ? acpi_init+0x2af/0x34f\n[    0.372000]  ? __class_create+0x4c/0x80\n[    0.372000]  ? video_setup+0x7f/0x7f\n[    0.372000]  ? acpi_sleep_proc_init+0x27/0x27\n[    0.372000]  ? do_one_initcall+0x4e/0x1a0\n[    0.372000]  ? kernel_init_freeable+0x189/0x20a\n[    0.372000]  ? rest_init+0xc0/0xc0\n[    0.372000]  ? kernel_init+0xa/0x100\n[    0.372000]  ? ret_from_fork+0x25/0x30\n[    0.388039] kmem_cache_destroy Acpi-parse_ext: Slab cache still has objects\n[    0.389063] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G        W\n4.12.0-rc4-next-20170608+ #8\n[    0.390557] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[    0.392000] Call Trace:\n[    0.392000]  ? dump_stack+0x5c/0x81\n[    0.392000]  ? kmem_cache_destroy+0x1aa/0x1c0\n[    0.392000]  ? acpi_sleep_proc_init+0x27/0x27\n[    0.392000]  ? acpi_os_delete_cache+0xa/0x10\n[    0.392000]  ? acpi_ut_delete_caches+0x6d/0x7b\n[    0.392000]  ? acpi_terminate+0xa/0x14\n[    0.392000]  ? acpi_init+0x2af/0x3\n---truncated---",
  "id": "CVE-2025-38344",
  "modified": "2026-04-01T23:07:59.293290315Z",
  "published": "2025-07-10T08:15:12.791Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0a119fdaed67566aa3e0b5222dced4d08bbce463"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/198c2dab022e5e94a99fff267b669d693bc7bb49"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1e0e629e88b1f7751ce69bf70cda6d1598d45271"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1fee4324b5660de080cefc3fc91c371543bdb8f6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3e0c59180ec83bdec43b3d3482cff23d86d380d0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/41afebc9a0762aafc35d2df88f4e1b798155a940"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/960236150cd3f08e13b397dd5ae4ccf7a2986c00"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bed18f0bdcd6737a938264a59d67923688696fc4"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38344.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38344"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.7.3",
  "summary": "ACPICA: fix acpi parse and parseext cache leaks"
}