Memory leak in Linux kernel - CVE-2025-39736
Published: September 16, 2025
Vulnerability identifier: #VU115362
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-39736
CWE-ID: CWE-401
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software: Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the mem_pool_alloc() function in mm/kmemleak.c. A local user can perform a denial of service (DoS) attack.
How to mitigate CVE-2025-39736
Install the update from the vendor's repository.
Sources
- https://git.kernel.org/stable/c/08f70be5e406ce47c822f2dd11c1170ca259605b
- https://git.kernel.org/stable/c/1da95d3d4b7b1d380ebd87b71a61e7e6aed3265d
- https://git.kernel.org/stable/c/47b0f6d8f0d2be4d311a49e13d2fd5f152f492b2
- https://git.kernel.org/stable/c/4b0151e1d468eb2667c37b7af99b3c075072d334
- https://git.kernel.org/stable/c/62879faa8efe8d8a9c7bf7606ee9c068012d7dac
- https://git.kernel.org/stable/c/a0854de00ce2ee27edf39037e7836ad580eb3350
- https://git.kernel.org/stable/c/a181b228b37a6a5625dad2bb4265bb7abb673e9f
- https://git.kernel.org/stable/c/c7b6ea0ede687e7460e593c5ea478f50aa41682a
- https://git.kernel.org/stable/c/f249d32bb54876b4b6c3ae071af8ddca77af390b