#VU112175 Memory leak in Linux kernel - CVE-2025-38147
Published: July 4, 2025
Vulnerability identifier: #VU112175
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-38147
CWE-ID: CWE-401
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the netlbl_conn_setattr() function in net/netlabel/netlabel_kapi.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's repository.
External links
- https://git.kernel.org/stable/c/0c813dbc851dbf418fdc6dc883fd0592d6c555cd
- https://git.kernel.org/stable/c/26ce90f1ce60b0ff587de8d6aec399aa55cab28e
- https://git.kernel.org/stable/c/6e9f2df1c550ead7cecb3e450af1105735020c92
- https://git.kernel.org/stable/c/946bfdfcb76ac2bac5b8526447035885ff41c598
- https://git.kernel.org/stable/c/c32ebe33626335a536dbbdd09571c06dd9bc1729
- https://git.kernel.org/stable/c/dd8928897594931d6912ef2f7a43e110b4958d3d
- https://git.kernel.org/stable/c/e2ec310c7a50271843c585e27ef14e48c66ce649
- https://git.kernel.org/stable/c/fc2da88411470480b8b7e9177e930cedd893cf56