Vulnerability identifier: #VU107784
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the acpi_nfit_ctl() function in drivers/acpi/nfit/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: 6.12, 6.12.1, 6.12.2, 6.12.3, 6.12.4, 6.12.5, 6.12.6, 6.12.7, 6.12.8, 6.12.9, 6.12.10, 6.12.11, 6.12.12, 6.12.13, 6.12.14, 6.12.15, 6.12.16, 6.12.17, 6.12.18, 6.12.19, 6.12.20, 6.12.21, 6.12.22
External links
https://git.kernel.org/stable/c/2ff0e408db36c21ed3fa5e3c1e0e687c82cf132f
https://git.kernel.org/stable/c/4b65cff06a004ac54f6ea8886060f0d07b1ca055
https://git.kernel.org/stable/c/73851cfceb00cc77d7a0851bc10f2263394c3e87
https://git.kernel.org/stable/c/85f11291658ab907c4294319c8102450cc75bb96
https://git.kernel.org/stable/c/92ba06aef65522483784dcbd6697629ddbd4c4f9
https://git.kernel.org/stable/c/bae5b55e0f327102e78f6a66fb127275e9bc91b6
https://git.kernel.org/stable/c/c90402d2a226ff7afbe1d0650bee8ecc15a91049
https://git.kernel.org/stable/c/e71a57c5aaa389d4c3c82f920761262efdd18d38
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.23
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.