#VU108321 Improper locking in Linux kernel - CVE-2025-37741
Vulnerability identifier: #VU108321
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the diReadSpecial() function in fs/jfs/jfs_imap.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: 6.1, 6.1 rc1, 6.1 rc3, 6.1 rc7, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.1.14, 6.1.15, 6.1.16, 6.1.17, 6.1.18, 6.1.19, 6.1.20, 6.1.21, 6.1.22, 6.1.23, 6.1.24, 6.1.25, 6.1.26, 6.1.27, 6.1.28, 6.1.29, 6.1.30, 6.1.31, 6.1.32, 6.1.33, 6.1.34, 6.1.35, 6.1.36, 6.1.37, 6.1.38, 6.1.39, 6.1.40, 6.1.41, 6.1.42, 6.1.43, 6.1.44, 6.1.45, 6.1.46, 6.1.47, 6.1.48, 6.1.49, 6.1.50, 6.1.51, 6.1.52, 6.1.53, 6.1.54, 6.1.55, 6.1.56, 6.1.57, 6.1.58, 6.1.59, 6.1.60, 6.1.61, 6.1.62, 6.1.63, 6.1.64, 6.1.65, 6.1.66, 6.1.67, 6.1.68, 6.1.69, 6.1.70, 6.1.71, 6.1.72, 6.1.73, 6.1.74, 6.1.75, 6.1.76, 6.1.77, 6.1.78, 6.1.79, 6.1.80, 6.1.81, 6.1.82, 6.1.83, 6.1.84, 6.1.85, 6.1.86, 6.1.87, 6.1.88, 6.1.89, 6.1.90, 6.1.91, 6.1.92, 6.1.93, 6.1.94, 6.1.95, 6.1.96, 6.1.97, 6.1.98, 6.1.99, 6.1.100, 6.1.101, 6.1.102, 6.1.103, 6.1.104, 6.1.105, 6.1.106, 6.1.107, 6.1.108, 6.1.109, 6.1.110, 6.1.111, 6.1.112, 6.1.113, 6.1.114, 6.1.115, 6.1.116, 6.1.117, 6.1.118, 6.1.119, 6.1.120, 6.1.121, 6.1.122, 6.1.123, 6.1.124, 6.1.125, 6.1.126, 6.1.127, 6.1.128, 6.1.129, 6.1.130, 6.1.131, 6.1.132, 6.1.133, 6.1.134
External links
https://git.kernel.org/stable/c/5b2f26d3fba4e9aac314f8bc0963b3fc28c0e456
https://git.kernel.org/stable/c/86bfeaa18f9e4615b97f2d613e0fcc4ced196527
https://git.kernel.org/stable/c/8b5ce75f8bd3ddf480cc0a240d7ff5cdea0444f9
https://git.kernel.org/stable/c/994787341358816d91b2fded288ecb7f129f2b27
https://git.kernel.org/stable/c/a2b560815528ae8e266fca6038bb5585d13aaef4
https://git.kernel.org/stable/c/aeb926e605f97857504bdf748f575e40617e2ef9
https://git.kernel.org/stable/c/b3c4884b987e5d8d0ec061a4d52653c4f4b9c37e
https://git.kernel.org/stable/c/b61e69bb1c049cf507e3c654fa3dc1568231bd07
https://git.kernel.org/stable/c/c9541c2bd0edbdbc5c1148a84d3b48dc8d1b8af2
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.135
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
