CVE-2025-38390: 
Linux Debian vulnerability analysis and mitigation

CVE-2025-38390 was discovered and disclosed on July 25, 2025, affecting the Linux kernel's firmware arm_ffa component. The vulnerability involves a memory leak issue in the notifier callback functionality (NVD, Ubuntu).

The vulnerability stems from commit e0573444edbf which added support for notifier callbacks by allocating and inserting a callback node into a hashtable during registration of notifiers. During unregistration, the code only removes the node from the hashtable without freeing the associated memory, resulting in a memory leak. The issue specifically affects the firmware arm_ffa component (NVD, RedHat).

The vulnerability results in a memory leak condition where allocated memory for notifier callback nodes is not properly freed after being removed from the hashtable. This can lead to gradual system memory depletion over time (NVD).

The issue has been resolved by ensuring the allocated notifier callback node is properly freed after it is removed from the hashtable entry. Users should update to patched versions of the Linux kernel where available (NVD).