#VU109569 Buffer overflow in Linux kernel - CVE-2025-37908

Cybersecurity Help s.r.o.

Published: 2025-05-21 | Updated: 2025-05-21

Vulnerability identifier: #VU109569

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37908

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the free_slab_obj_exts(), prepare_slab_obj_exts_hook() and account_slab() functions in mm/slub.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.12, 6.12.1, 6.12.2, 6.12.3, 6.12.4, 6.12.5, 6.12.6, 6.12.7, 6.12.8, 6.12.9, 6.12.10, 6.12.11, 6.12.12, 6.12.13, 6.12.14, 6.12.15, 6.12.16, 6.12.17, 6.12.18, 6.12.19, 6.12.20, 6.12.21, 6.12.22, 6.12.23, 6.12.24, 6.12.25, 6.12.26, 6.12.27

External links
https://git.kernel.org/stable/c/01db0e1a48345aa1937f3bdfc7c7108d03ebcf7e
https://git.kernel.org/stable/c/be8250786ca94952a19ce87f98ad9906448bc9ef
https://git.kernel.org/stable/c/dab2a13059a475b6392550f882276e170fe2fcff
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.28

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Buffer overflow in Linux kernel mm