CVE-2025-38549: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-38549 is a vulnerability discovered in the Linux kernel's efivarfs filesystem component, disclosed on August 16, 2025. The vulnerability specifically affects the handling of efivarfs_fs_info structures during filesystem context initialization. This issue was identified in the Linux kernel's efivarfs implementation and impacts various Linux distributions and systems that utilize the efivarfs filesystem (NVD, Ubuntu Security).

The vulnerability stems from a memory leak in the efivarfs filesystem's mount option processing. When processing mount options, efivarfs allocates efivarfs_fs_info (sfi) early in fs_context initialization. The sfi structure is typically associated with the superblock and freed when the superblock is destroyed. However, if the fs_context is released before fill_super is called (such as during error paths or reconfiguration), the sfi structure leaks because ownership never transfers to the superblock. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (Red Hat).

The primary impact of this vulnerability is resource exhaustion through memory leaks. When triggered, the vulnerability causes the system to leak memory resources, which over time could lead to degraded system performance or potential denial of service conditions (Red Hat).

The vulnerability has been fixed by implementing the .free callback in efivarfs_context_ops to ensure proper freeing of allocated sfi structures when the fs_context is torn down before fill_super. Various Linux distributions have released patches, with Debian marking it as fixed in versions 6.12.41-1 for trixie and 6.16.3-1 for sid (Debian Tracker).