Memory Leak Affecting kernel-uek-debug-core package, versions <0:6.12.0-102.36.5.2.el9uek
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-ORACLE9-KERNELUEKDEBUGCORE-10767168
- published17 Jul 2025
- disclosed20 May 2025
Introduced: 20 May 2025
CVE-2025-37905 (opens in a new tab)How to fix?
Upgrade Oracle:9 kernel-uek-debug-core to version 0:6.12.0-102.36.5.2.el9uek or higher.
This issue was patched in ELSA-2025-20530.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-uek-debug-core package and not the kernel-uek-debug-core package as distributed by Oracle.
See How to fix? for Oracle:9 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_scmi: Balance device refcount when destroying devices
Using device_find_child() to lookup the proper SCMI device to destroy causes an unbalance in device refcount, since device_find_child() calls an implicit get_device(): this, in turns, inhibits the call of the provided release methods upon devices destruction.
As a consequence, one of the structures that is not freed properly upon destruction is the internal struct device_private dev->p populated by the drivers subsystem core.
KMemleak detects this situation since loading/unloding some SCMI driver causes related devices to be created/destroyed without calling any device_release method.
unreferenced object 0xffff00000f583800 (size 512): comm "insmod", pid 227, jiffies 4294912190 hex dump (first 32 bytes): 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... ff ff ff ff ff ff ff ff 60 36 1d 8a 00 80 ff ff ........`6...... backtrace (crc 114e2eed): kmemleak_alloc+0xbc/0xd8 __kmalloc_cache_noprof+0x2dc/0x398 device_add+0x954/0x12d0 device_register+0x28/0x40 __scmi_device_create.part.0+0x1bc/0x380 scmi_device_create+0x2d0/0x390 scmi_create_protocol_devices+0x74/0xf8 scmi_device_request_notifier+0x1f8/0x2a8 notifier_call_chain+0x110/0x3b0 blocking_notifier_call_chain+0x70/0xb0 scmi_driver_register+0x350/0x7f0 0xffff80000a3b3038 do_one_initcall+0x12c/0x730 do_init_module+0x1dc/0x640 load_module+0x4b20/0x5b70 init_module_from_file+0xec/0x158
$ ./scripts/faddr2line ./vmlinux device_add+0x954/0x12d0 device_add+0x954/0x12d0: kmalloc_noprof at include/linux/slab.h:901 (inlined by) kzalloc_noprof at include/linux/slab.h:1037 (inlined by) device_private_init at drivers/base/core.c:3510 (inlined by) device_add at drivers/base/core.c:3561
Balance device refcount by issuing a put_device() on devices found via device_find_child().
References
- https://linux.oracle.com/cve/CVE-2025-37905.html
- https://linux.oracle.com/errata/ELSA-2025-20470.html
- https://linux.oracle.com/errata/ELSA-2025-20480.html
- https://linux.oracle.com/errata/ELSA-2025-20530.html
- https://git.kernel.org/stable/c/2fbf6c9695ad9f05e7e5c166bf43fac7cb3276b3
- https://git.kernel.org/stable/c/8a8a3547d5c4960da053df49c75bf623827a25da
- https://git.kernel.org/stable/c/91ff1e9652fb9beb0174267d6bb38243dff211bb
- https://git.kernel.org/stable/c/969d8beaa2e374387bf9aa5602ef84fc50bb48d8
- https://git.kernel.org/stable/c/9ca67840c0ddf3f39407339624cef824a4f27599
- https://git.kernel.org/stable/c/ff4273d47da81b95ed9396110bcbd1b7b7470fe8
- https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html