Infinite loop in Linux kernel core
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2025-37859 |
| CWE-ID | CWE-835 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Infinite loop
EUVDB-ID: #VU108887
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37859
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the page_pool_release_retry() function in net/core/page_pool.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 6.13 - 6.13.11
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:6.13:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.13.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.13.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.13.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.13.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.13.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.13.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.13.7:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.13.8:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.13.9:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/43130d02baa137033c25297aaae95fd0edc41654
https://git.kernel.org/stable/c/7204335d1991c23fc615ab76f31f175748a578e1
https://git.kernel.org/stable/c/738d1812ec2e395e953258aea912ddd867d11a13
https://git.kernel.org/stable/c/90e089a64504982f8d62f223027cb9f903781f78
https://git.kernel.org/stable/c/91522aba56e9fcdf64da25ffef9b27f8fad48e0f
https://git.kernel.org/stable/c/95f17738b86fd198924d874a5639bcdc49c7e5b8
https://git.kernel.org/stable/c/9f71db4fb82deb889e0bac4a51b34daea7d506a3
https://git.kernel.org/stable/c/c3c7c57017ce1d4b2d3788c1fc59e7e39026e158
https://git.kernel.org/stable/c/e74e5aa33228c5e2cb4fc80ad103541a7b7805ec
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.12
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
