CVE-2025-38419 Information

Description

In the Linux kernel the following vulnerability has been resolved:

remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach()

When rproc->state = RPROC_DETACHED and rproc_attach() is used to attach to the remote processor if rproc_handle_resources() returns a failure the resources allocated by imx_rproc_prepare() should be released otherwise the following memory leak will occur.

Since almost the same thing is done in imx_rproc_prepare() and rproc_resource_cleanup() Function rproc_resource_cleanup() is able to deal with empty lists so it is better to fix the \goto\ statements in rproc_attach(). replace the �nprepare_device\ goto statement with

Reference

https://git.kernel.org/stable/c/5434d9f2fd68722b514c14b417b53a8af02c4d24 https://git.kernel.org/stable/c/7692c9fbedd9087dc9050903f58095915458d9b1 https://git.kernel.org/stable/c/82208ce9505abb057afdece7c62a14687c52c9ca https://git.kernel.org/stable/c/92776ca0ccfe78b9bfe847af206bad641fb11121 https://git.kernel.org/stable/c/9515d74c9d1ae7308a02e8bd4f894eb8137cf8df https://git.kernel.org/stable/c/c56d6ef2711ee51b54f160ad0f25a381561f0287

Related CNNVD

CNNVD-202507-3248 (Published: 2025-07-25)