#VU107649 Memory leak in Linux kernel - CVE-2025-22072


Vulnerability identifier: #VU107649

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22072

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak in arch/powerpc/platforms/cell/spufs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/029d8c711f5e5fe8cf63e8a4a1a140a06e224e45
https://git.kernel.org/stable/c/324f280806aab28ef757aecc18df419676c10ef8
https://git.kernel.org/stable/c/880e7b3da2e765c1f90c94c0539be039e96c7062
https://git.kernel.org/stable/c/903733782f3ae28a2f7fe4dfb47c7fe3e079a528
https://git.kernel.org/stable/c/c134deabf4784e155d360744d4a6a835b9de4dd4
https://git.kernel.org/stable/c/fc646a6c6d14b5d581f162a7e32999f789e3a3ac

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


openEuler 24.03 LTS update for kernel
openEuler 24.03 LTS SP1 update for kernel
Debian update for linux
Memory leak in Linux kernel inode