CVE-2025-68235
Description
In the Linux kernel, the following vulnerability has been resolved:
nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot
nvkm_falcon_fw::boot is allocated, but no one frees it. This causes a kmemleak warning.
Make sure this data is deallocated.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing kfree() in nouveau firmware code causes memory leak of nvkm_falcon_fw::boot allocation.
A memory leak vulnerability exists in the Linux kernel's nouveau driver firmware handling. The nvkm_falcon_fw::boot pointer is allocated but never freed, leading to a kmemleak warning [1]. This is a standard memory leak issue where the allocated data is not released when no longer needed.
The bug is present in the nouveau subsystem, which manages NVIDIA graphics hardware. No special authentication or network position is required to trigger it; the leak occurs during normal kernel operations involving firmware loading on compatible NVIDIA hardware. The lack of deallocation accumulates over time, potentially exhausting system memory on long-running systems.
An attacker cannot directly exploit this for privilege escalation or code execution, but it degrades system reliability by consuming kernel memory. Over extended uptime, this may lead to out-of-memory conditions, especially on systems with limited RAM.
The fix has been applied in the Linux kernel stable tree [1]. Users should update to a kernel version containing the patch referenced in the commit. No workaround is available other than applying the update or avoiding the affected nouveau hardware.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4News mentions
0No linked articles in our index yet.