Resource management error in Linux kernel - CVE-2025-37808
Published: May 8, 2025 / Updated: May 10, 2025
Vulnerability identifier: #VU108820
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-37808
CWE-ID: CWE-399
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the DEFINE_MUTEX(), MODULE_ALIAS_CRYPTO() and EXPORT_SYMBOL_GPL() functions in crypto/crypto_null.c. A local user can perform a denial of service (DoS) attack.
How to mitigate CVE-2025-37808
Install the update from the vendor's website.
Sources
- https://git.kernel.org/stable/c/0486de3c1b8223138dcc614846bd76364f758de6
- https://git.kernel.org/stable/c/1b66a5920b7fc7cc6251192a3fcad115b6d75dd5
- https://git.kernel.org/stable/c/1dd4a8561d85dea545cf93f56efc48df8176e218
- https://git.kernel.org/stable/c/8cf2945512a8c0ef74ddd5b5a4f6b6a2fb1a4efb
- https://git.kernel.org/stable/c/dcc47a028c24e793ce6d6efebfef1a1e92f80297
- https://git.kernel.org/stable/c/e27244cbe10658a66b8775be7f0acc4ad2f618d6
- https://git.kernel.org/stable/c/e307c54ac8198bf09652c72603ba6e6d97798410
- https://git.kernel.org/stable/c/f7a5a5c8e1ec16a4b2041398abe95de0e14572ef
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.293