#VU109558 Infinite loop in Linux kernel - CVE-2025-37931
Vulnerability identifier: #VU109558
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-835
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the submit_eb_subpage() function in fs/btrfs/extent_io.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: 6.12, 6.12.1, 6.12.2, 6.12.3, 6.12.4, 6.12.5, 6.12.6, 6.12.7, 6.12.8, 6.12.9, 6.12.10, 6.12.11, 6.12.12, 6.12.13, 6.12.14, 6.12.15, 6.12.16, 6.12.17, 6.12.18, 6.12.19, 6.12.20, 6.12.21, 6.12.22, 6.12.23, 6.12.24, 6.12.25, 6.12.26, 6.12.27, 6.14, 6.14.1, 6.14.2, 6.14.3, 6.14.4, 6.14.5
External links
https://git.kernel.org/stable/c/396f4002710030ea1cfd4c789ebaf0a6969ab34f
https://git.kernel.org/stable/c/b80db09b614cb7edec5bada1bc7c7b0eb3b453ea
https://git.kernel.org/stable/c/e08e49d986f82c30f42ad0ed43ebbede1e1e3739
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.28
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.6
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
