#VU109494 Memory leak in Linux kernel - CVE-2025-37941


Updated: 2025-05-21

Vulnerability identifier: #VU109494

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37941

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak in the wcd937x_soc_codec_probe() function in sound/soc/codecs/wcd937x.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: 6.13, 6.13.1, 6.13.2, 6.13.3, 6.13.4, 6.13.5, 6.13.6, 6.13.7, 6.13.8, 6.13.9, 6.13.10, 6.13.11


External links
https://git.kernel.org/stable/c/3e330acf4efd63876d673c046cd073a1d4ed57a8
https://git.kernel.org/stable/c/aafb5325aca3e806b3ea3707402189263473d257
https://git.kernel.org/stable/c/acadb2e2b3c5b9977a843a3a94fece9bdcf6aea1
https://git.kernel.org/stable/c/b573e04116fd33b9143fa276bbab2f0afad0a1ae
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.12


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

