vulnerability

Ubuntu: (Multiple Advisories) (CVE-2025-38549): Linux kernel vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:S/C:N/I:N/A:C)	Nov 21, 2025	Nov 25, 2025	Feb 13, 2026

Severity

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

Nov 21, 2025

Added

Nov 25, 2025

Modified

Feb 13, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths

When processing mount options, efivarfs allocates efivarfs_fs_info (sfi)
early in fs_context initialization. However, sfi is associated with the
superblock and typically freed when the superblock is destroyed. If the
fs_context is released (final put) before fill_super is called—such as
on error paths or during reconfiguration—the sfi structure would leak,
as ownership never transfers to the superblock.

Implement the .free callback in efivarfs_context_ops to ensure any
allocated sfi is properly freed if the fs_context is torn down before
fill_super, preventing this memory leak.

Solutions

ubuntu-upgrade-linux-image-6-14-0-1016-oemubuntu-upgrade-linux-image-6-14-0-1016-realtimeubuntu-upgrade-linux-image-6-14-0-1017-awsubuntu-upgrade-linux-image-6-14-0-1017-aws-64kubuntu-upgrade-linux-image-6-14-0-1017-azureubuntu-upgrade-linux-image-6-14-0-1017-oracleubuntu-upgrade-linux-image-6-14-0-1017-oracle-64kubuntu-upgrade-linux-image-6-14-0-1018-raspiubuntu-upgrade-linux-image-6-14-0-1020-gcpubuntu-upgrade-linux-image-6-14-0-1020-gcp-64kubuntu-upgrade-linux-image-6-14-0-36-genericubuntu-upgrade-linux-image-6-14-0-36-generic-64kubuntu-upgrade-linux-image-6-8-0-100-genericubuntu-upgrade-linux-image-6-8-0-100-generic-64kubuntu-upgrade-linux-image-6-8-0-1047-gcpubuntu-upgrade-linux-image-6-8-0-1047-gcp-64kubuntu-upgrade-linux-image-6-8-0-1047-raspiubuntu-upgrade-linux-image-6-8-1-1041-realtimeubuntu-upgrade-linux-image-awsubuntu-upgrade-linux-image-aws-6-14ubuntu-upgrade-linux-image-aws-64kubuntu-upgrade-linux-image-aws-64k-6-14ubuntu-upgrade-linux-image-azureubuntu-upgrade-linux-image-azure-6-14ubuntu-upgrade-linux-image-gcpubuntu-upgrade-linux-image-gcp-6-14ubuntu-upgrade-linux-image-gcp-6-8ubuntu-upgrade-linux-image-gcp-64kubuntu-upgrade-linux-image-gcp-64k-6-14ubuntu-upgrade-linux-image-gcp-64k-6-8ubuntu-upgrade-linux-image-genericubuntu-upgrade-linux-image-generic-6-14ubuntu-upgrade-linux-image-generic-6-8ubuntu-upgrade-linux-image-generic-64kubuntu-upgrade-linux-image-generic-64k-6-14ubuntu-upgrade-linux-image-generic-64k-6-8ubuntu-upgrade-linux-image-generic-64k-hwe-24-04ubuntu-upgrade-linux-image-generic-hwe-24-04ubuntu-upgrade-linux-image-generic-lpaeubuntu-upgrade-linux-image-intel-iotgubuntu-upgrade-linux-image-kvmubuntu-upgrade-linux-image-oem-24-04ubuntu-upgrade-linux-image-oem-24-04aubuntu-upgrade-linux-image-oem-6-14ubuntu-upgrade-linux-image-oracleubuntu-upgrade-linux-image-oracle-6-14ubuntu-upgrade-linux-image-oracle-64kubuntu-upgrade-linux-image-oracle-64k-6-14ubuntu-upgrade-linux-image-raspiubuntu-upgrade-linux-image-raspi-6-14ubuntu-upgrade-linux-image-raspi-6-8ubuntu-upgrade-linux-image-realtimeubuntu-upgrade-linux-image-realtime-6-14ubuntu-upgrade-linux-image-realtime-6-8-1ubuntu-upgrade-linux-image-realtime-hwe-22-04ubuntu-upgrade-linux-image-realtime-hwe-24-04ubuntu-upgrade-linux-image-virtualubuntu-upgrade-linux-image-virtual-6-14ubuntu-upgrade-linux-image-virtual-6-8ubuntu-upgrade-linux-image-virtual-hwe-24-04

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today