CVE-2025-38344

10.07.2025, 09:15

In the Linux kernel, the following vulnerability has been resolved:

ACPICA: fix acpi parse and parseext cache leaks

ACPICA commit 8829e70e1360c81e7a5a901b5d4f48330e021ea5

I'm Seunghun Han, and I work for National Security Research Institute of
South Korea.

I have been doing a research on ACPI and found an ACPI cache leak in ACPI
early abort cases.

Boot log of ACPI cache leak is as follows:
[    0.352414] ACPI: Added _OSI(Module Device)
[    0.353182] ACPI: Added _OSI(Processor Device)
[    0.353182] ACPI: Added _OSI(3.0 _SCP Extensions)
[    0.353182] ACPI: Added _OSI(Processor Aggregator Device)
[    0.356028] ACPI: Unable to start the ACPI Interpreter
[    0.356799] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)
[    0.360215] kmem_cache_destroy Acpi-State: Slab cache still has objects
[    0.360648] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G        W
4.12.0-rc4-next-20170608+ #10
[    0.361273] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS
virtual_box 12/01/2006
[    0.361873] Call Trace:
[    0.362243]  ? dump_stack+0x5c/0x81
[    0.362591]  ? kmem_cache_destroy+0x1aa/0x1c0
[    0.362944]  ? acpi_sleep_proc_init+0x27/0x27
[    0.363296]  ? acpi_os_delete_cache+0xa/0x10
[    0.363646]  ? acpi_ut_delete_caches+0x6d/0x7b
[    0.364000]  ? acpi_terminate+0xa/0x14
[    0.364000]  ? acpi_init+0x2af/0x34f
[    0.364000]  ? __class_create+0x4c/0x80
[    0.364000]  ? video_setup+0x7f/0x7f
[    0.364000]  ? acpi_sleep_proc_init+0x27/0x27
[    0.364000]  ? do_one_initcall+0x4e/0x1a0
[    0.364000]  ? kernel_init_freeable+0x189/0x20a
[    0.364000]  ? rest_init+0xc0/0xc0
[    0.364000]  ? kernel_init+0xa/0x100
[    0.364000]  ? ret_from_fork+0x25/0x30

I analyzed this memory leak in detail. I found that Acpi-State cache and
Acpi-Parse cache were merged because the size of cache objects was same
slab cache size.

I finally found Acpi-Parse cache and Acpi-parse_ext cache were leaked
using SLAB_NEVER_MERGE flag in kmem_cache_create() function.

Real ACPI cache leak point is as follows:
[    0.360101] ACPI: Added _OSI(Module Device)
[    0.360101] ACPI: Added _OSI(Processor Device)
[    0.360101] ACPI: Added _OSI(3.0 _SCP Extensions)
[    0.361043] ACPI: Added _OSI(Processor Aggregator Device)
[    0.364016] ACPI: Unable to start the ACPI Interpreter
[    0.365061] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)
[    0.368174] kmem_cache_destroy Acpi-Parse: Slab cache still has objects
[    0.369332] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G        W
4.12.0-rc4-next-20170608+ #8
[    0.371256] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS
virtual_box 12/01/2006
[    0.372000] Call Trace:
[    0.372000]  ? dump_stack+0x5c/0x81
[    0.372000]  ? kmem_cache_destroy+0x1aa/0x1c0
[    0.372000]  ? acpi_sleep_proc_init+0x27/0x27
[    0.372000]  ? acpi_os_delete_cache+0xa/0x10
[    0.372000]  ? acpi_ut_delete_caches+0x56/0x7b
[    0.372000]  ? acpi_terminate+0xa/0x14
[    0.372000]  ? acpi_init+0x2af/0x34f
[    0.372000]  ? __class_create+0x4c/0x80
[    0.372000]  ? video_setup+0x7f/0x7f
[    0.372000]  ? acpi_sleep_proc_init+0x27/0x27
[    0.372000]  ? do_one_initcall+0x4e/0x1a0
[    0.372000]  ? kernel_init_freeable+0x189/0x20a
[    0.372000]  ? rest_init+0xc0/0xc0
[    0.372000]  ? kernel_init+0xa/0x100
[    0.372000]  ? ret_from_fork+0x25/0x30
[    0.388039] kmem_cache_destroy Acpi-parse_ext: Slab cache still has objects
[    0.389063] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G        W
4.12.0-rc4-next-20170608+ #8
[    0.390557] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS
virtual_box 12/01/2006
[    0.392000] Call Trace:
[    0.392000]  ? dump_stack+0x5c/0x81
[    0.392000]  ? kmem_cache_destroy+0x1aa/0x1c0
[    0.392000]  ? acpi_sleep_proc_init+0x27/0x27
[    0.392000]  ? acpi_os_delete_cache+0xa/0x10
[    0.392000]  ? acpi_ut_delete_caches+0x6d/0x7b
[    0.392000]  ? acpi_terminate+0xa/0x14
[    0.392000]  ? acpi_init+0x2af/0x3
---truncated---

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

linux

bullseye	vulnerable
bullseye (security)	vulnerable
bookworm	vulnerable
bookworm (security)	vulnerable
trixie	6.12.35-1 fixed
trixie (security)	vulnerable
sid	6.12.37-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

linux

plucky	needs-triage
oracular	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage
trusty	needs-triage

linux-allwinner-5.19

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-aws

plucky	needs-triage
oracular	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage
trusty	needs-triage

linux-aws-5.0

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	ignored

linux-aws-5.11

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-aws-5.13

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-aws-5.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	needs-triage

linux-aws-5.19

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-aws-5.3

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	ignored

linux-aws-5.4

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-aws-5.8

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-aws-6.2

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-aws-6.5

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-aws-6.8

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage

linux-aws-fips

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage
focal	needs-triage
bionic	needs-triage

linux-aws-hwe

plucky	dne
oracular	dne
noble	dne
jammy	dne
xenial	needs-triage

linux-azure

plucky	needs-triage
oracular	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage
bionic	ignored
xenial	needs-triage
trusty	needs-triage

linux-azure-4.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-azure-5.11

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-azure-5.13

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-azure-5.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	needs-triage

linux-azure-5.19

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-azure-5.3

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	ignored

linux-azure-5.4

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-azure-5.8

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-azure-6.11

plucky	dne
oracular	dne
noble	needs-triage
jammy	dne

linux-azure-6.2

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-azure-6.5

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-azure-6.8

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage

linux-azure-edge

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	ignored

linux-azure-fde

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage
focal	ignored

linux-azure-fde-5.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	needs-triage

linux-azure-fde-5.19

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-azure-fde-6.2

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-azure-fips

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage
focal	needs-triage
bionic	needs-triage

linux-azure-nvidia

plucky	dne
oracular	dne
noble	needs-triage
jammy	dne

linux-bluefield

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	needs-triage

linux-fips

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage

linux-gcp

plucky	needs-triage
oracular	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage
bionic	ignored
xenial	needs-triage

linux-gcp-4.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-gcp-5.11

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-gcp-5.13

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-gcp-5.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	needs-triage

linux-gcp-5.19

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-gcp-5.3

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	ignored

linux-gcp-5.4

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-gcp-5.8

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-gcp-6.11

plucky	dne
oracular	dne
noble	needs-triage
jammy	dne

linux-gcp-6.2

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-gcp-6.5

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-gcp-6.8

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage

linux-gcp-fips

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage
focal	needs-triage
bionic	needs-triage

linux-gke

plucky	dne
oracular	dne
noble	needs-triage
jammy	needs-triage
focal	ignored

linux-gke-4.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	ignored

linux-gke-5.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-gke-5.4

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	ignored

linux-gkeop

plucky	dne
oracular	dne
noble	needs-triage
jammy	needs-triage
focal	ignored

linux-gkeop-5.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-gkeop-5.4

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	ignored

linux-hwe

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	ignored
xenial	needs-triage

linux-hwe-5.11

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-hwe-5.13

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-hwe-5.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	needs-triage

linux-hwe-5.19

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-hwe-5.4

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-hwe-5.8

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-hwe-6.11

plucky	dne
oracular	dne
noble	needs-triage
jammy	dne

linux-hwe-6.2

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-hwe-6.5

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-hwe-6.8

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage

linux-hwe-edge

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	ignored
xenial	ignored

linux-ibm

plucky	dne
oracular	dne
noble	needs-triage
jammy	needs-triage
focal	needs-triage

linux-ibm-5.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	needs-triage

linux-ibm-5.4

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-ibm-6.8

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage

linux-intel-5.13

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-intel-iot-realtime

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage

linux-intel-iotg

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage

linux-intel-iotg-5.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	needs-triage

linux-iot

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	needs-triage

linux-kvm

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage

linux-lowlatency

plucky	dne
oracular	needs-triage
noble	needs-triage
jammy	needs-triage

linux-lowlatency-hwe-5.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	needs-triage

linux-lowlatency-hwe-5.19

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-lowlatency-hwe-6.11

plucky	dne
oracular	dne
noble	needs-triage
jammy	dne

linux-lowlatency-hwe-6.2

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-lowlatency-hwe-6.5

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-lowlatency-hwe-6.8

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage

linux-lts-xenial

plucky	dne
oracular	dne
noble	dne
jammy	dne
trusty	needs-triage

linux-nvidia

plucky	dne
oracular	dne
noble	needs-triage
jammy	needs-triage

linux-nvidia-6.2

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-nvidia-6.5

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-nvidia-6.8

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage

linux-nvidia-lowlatency

plucky	dne
oracular	dne
noble	needs-triage
jammy	dne

linux-nvidia-tegra

plucky	dne
oracular	dne
noble	needs-triage
jammy	needs-triage

linux-nvidia-tegra-5.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	needs-triage

linux-nvidia-tegra-igx

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage

linux-oem

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	ignored

linux-oem-5.10

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-oem-5.13

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-oem-5.14

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-oem-5.17

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-oem-5.6

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-oem-6.0

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-oem-6.1

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-oem-6.11

plucky	dne
oracular	dne
noble	needs-triage
jammy	dne

linux-oem-6.5

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-oem-6.8

plucky	dne
oracular	dne
noble	needs-triage
jammy	dne

linux-oracle

plucky	needs-triage
oracular	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage

linux-oracle-5.0

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	ignored

linux-oracle-5.11

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-oracle-5.13

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-oracle-5.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	needs-triage

linux-oracle-5.3

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	ignored

linux-oracle-5.4

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-oracle-5.8

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-oracle-6.5

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-oracle-6.8

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage

linux-raspi

plucky	needs-triage
oracular	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage

linux-raspi-5.4

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-raspi-realtime

plucky	dne
oracular	dne
noble	needs-triage
jammy	dne

linux-raspi2

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-realtime

plucky	needs-triage
oracular	needs-triage
noble	needs-triage
jammy	needs-triage

linux-riscv

plucky	needs-triage
oracular	needs-triage
noble	ignored
jammy	ignored
focal	ignored

linux-riscv-5.11

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-riscv-5.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	needs-triage

linux-riscv-5.19

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-riscv-5.8

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-riscv-6.5

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-riscv-6.8

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage

linux-starfive-5.19

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-starfive-6.2

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-starfive-6.5

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-xilinx-zynqmp

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage
focal	needs-triage

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service
Ein entfernter Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder nicht spezifizierte Auswirkungen zu verursachen.
Published: 2025-07-09T22:00:00+00:00

References

https://git.kernel.org/stable/c/0a119fdaed67566aa3e0b5222dced4d08bbce463

https://git.kernel.org/stable/c/198c2dab022e5e94a99fff267b669d693bc7bb49

https://git.kernel.org/stable/c/1e0e629e88b1f7751ce69bf70cda6d1598d45271

https://git.kernel.org/stable/c/1fee4324b5660de080cefc3fc91c371543bdb8f6

https://git.kernel.org/stable/c/3e0c59180ec83bdec43b3d3482cff23d86d380d0

https://git.kernel.org/stable/c/41afebc9a0762aafc35d2df88f4e1b798155a940

https://git.kernel.org/stable/c/960236150cd3f08e13b397dd5ae4ccf7a2986c00

https://git.kernel.org/stable/c/bed18f0bdcd6737a938264a59d67923688696fc4