CVE-2025-38344

5.5 MEDIUM

📋 TL;DR

This CVE describes a memory leak vulnerability in the Linux kernel's ACPI subsystem where 'Acpi-Parse' and 'Acpi-parse_ext' caches are not properly cleaned up during early abort scenarios. This affects systems using ACPI during boot, potentially leading to kernel memory exhaustion. The vulnerability impacts Linux systems with ACPI enabled.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Specific affected versions not explicitly stated in CVE, but references indicate fixes in stable kernel trees. Likely affects multiple kernel versions before fixes were applied.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with ACPI enabled (most modern systems). Virtual machines and physical hardware both affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel memory exhaustion leading to system instability, crashes, or denial of service during boot process.

🟠 Likely Case

Minor memory leak during boot that may not cause immediate issues but contributes to memory fragmentation over time.

🟢 If Mitigated

No operational impact if system boots successfully; memory leak is contained to boot process.

🌐 Internet-Facing: LOW - This is a local kernel vulnerability requiring system access; not remotely exploitable.
🏢 Internal Only: MEDIUM - Could affect system stability during boot, potentially disrupting services on affected systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH - Requires triggering specific ACPI early abort conditions during boot.

This is a reliability/DoS vulnerability, not a privilege escalation or code execution flaw. Exploitation requires ability to influence ACPI initialization.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel commits referenced (e.g., 0a119fdaed67566aa3e0b5222dced4d08bbce463, 198c2dab022e5e94a99fff267b669d693bc7bb49)

Vendor Advisory: https://git.kernel.org/stable/c/0a119fdaed67566aa3e0b5222dced4d08bbce463

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing fixes.
2. Check kernel commit history for ACPI cache leak fixes.
3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable ACPI (Not Recommended)

Add acpi=off to the kernel boot parameters to disable the ACPI subsystem entirely.

1. Edit /etc/default/grub and add 'acpi=off' to GRUB_CMDLINE_LINUX
2. Run 'update-grub' (or equivalent)
3. Reboot

🧯 If You Can't Patch

  • Monitor system memory usage during boot for unusual patterns
  • Ensure systems have adequate memory to handle potential leaks during boot process

🔍 How to Verify

Check if Vulnerable:

Check kernel boot logs for 'kmem_cache_destroy Acpi-Parse: Slab cache still has objects' or 'kmem_cache_destroy Acpi-parse_ext: Slab cache still has objects' messages.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the referenced fixes by checking commit history or kernel changelog.

📡 Detection & Monitoring

Log Indicators:

  • 'kmem_cache_destroy Acpi-Parse: Slab cache still has objects' in kernel logs
  • 'kmem_cache_destroy Acpi-parse_ext: Slab cache still has objects' in kernel logs
  • 'ACPI: Unable to start the ACPI Interpreter' followed by cache destruction errors

Network Indicators:

  • None - this is a local kernel issue

SIEM Query:

source="kernel" AND ("kmem_cache_destroy Acpi-Parse" OR "kmem_cache_destroy Acpi-parse_ext")
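
The "Check if Vulnerable" step and the log indicators above can be checked on a single host with a small filter over kernel log text. This is an added example, not part of the advisory or the kernel project; the function names, the status codes and the sample log lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): classify kernel log text on stdin.
# Return status: 0 = no indicator
#                1 = cache-destroy warning for Acpi-Parse / Acpi-parse_ext
#                2 = that warning after "Unable to start the ACPI Interpreter"
scan_acpi_cache_leak() {
    awk '
        /ACPI: Unable to start the ACPI Interpreter/ {
            aborted = 1
            print "abort: " $0
        }
        /kmem_cache_destroy Acpi-(Parse|parse_ext): Slab cache still has objects/ {
            leaks++
            if (aborted) after_abort++
            print "leak:  " $0
        }
        END {
            if (after_abort) exit 2
            if (leaks) exit 1
            exit 0
        }
    '
}

# Constructed sample input: timestamps and ordering are invented; only the
# message strings come from the indicators listed on this page.
sample_log() {
    cat <<'EOF'
[    0.174732] ACPI: Unable to start the ACPI Interpreter
[    0.175151] kmem_cache_destroy Acpi-Parse: Slab cache still has objects
[    0.175289] kmem_cache_destroy Acpi-parse_ext: Slab cache still has objects
EOF
}

# Demo on the sample; on a live host pipe in `dmesg` or `journalctl -k -b`.
sample_log | scan_acpi_cache_leak || echo "indicator status: $?"
```

A status of 2 corresponds to the third log indicator (interpreter start failure followed by cache destruction errors), which is the early-abort path this CVE describes.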
