Memory leak in Linux kernel inode
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2025-22072 |
| CWE-ID | CWE-401 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Memory leak
EUVDB-ID: #VU107649
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-22072
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak in arch/powerpc/platforms/cell/spufs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
CPE2.3 External linkshttps://git.kernel.org/stable/c/029d8c711f5e5fe8cf63e8a4a1a140a06e224e45
https://git.kernel.org/stable/c/324f280806aab28ef757aecc18df419676c10ef8
https://git.kernel.org/stable/c/880e7b3da2e765c1f90c94c0539be039e96c7062
https://git.kernel.org/stable/c/903733782f3ae28a2f7fe4dfb47c7fe3e079a528
https://git.kernel.org/stable/c/c134deabf4784e155d360744d4a6a835b9de4dd4
https://git.kernel.org/stable/c/fc646a6c6d14b5d581f162a7e32999f789e3a3ac
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
