cve/2025/CVE-2025-38384.md

### [CVE-2025-38384](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38384)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)

### Description

In the Linux kernel, the following vulnerability has been resolved:mtd: spinand: fix memory leak of ECC engine confMemory allocated for the ECC engine conf is not released during spinandcleanup. Below kmemleak trace is seen for this memory leak:unreferenced object 0xffffff80064f00e0 (size 8):  comm "swapper/0", pid 1, jiffies 4294937458  hex dump (first 8 bytes):    00 00 00 00 00 00 00 00                          ........  backtrace (crc 0):    kmemleak_alloc+0x30/0x40    __kmalloc_cache_noprof+0x208/0x3c0    spinand_ondie_ecc_init_ctx+0x114/0x200    nand_ecc_init_ctx+0x70/0xa8    nanddev_ecc_engine_init+0xec/0x27c    spinand_probe+0xa2c/0x1620    spi_mem_probe+0x130/0x21c    spi_probe+0xf0/0x170    really_probe+0x17c/0x6e8    __driver_probe_device+0x17c/0x21c    driver_probe_device+0x58/0x180    __device_attach_driver+0x15c/0x1f8    bus_for_each_drv+0xec/0x150    __device_attach+0x188/0x24c    device_initial_probe+0x10/0x20    bus_probe_device+0x11c/0x160Fix the leak by calling nanddev_ecc_engine_cleanup() insidespinand_cleanup().

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/w4zu/Debian_security