#VU111418 Memory leak in Linux kernel - CVE-2025-38031


Vulnerability identifier: #VU111418

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38031

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the padata_reorder() function in kernel/padata.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's repository.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/1a426abdf1c86882c9203dd8182f3b8274b89938
https://git.kernel.org/stable/c/1c65ae4988714716101555fe2b9830e33136d6fb
https://git.kernel.org/stable/c/5300e487487d7a2e3e1e6e9d8f03ed9452e4019e
https://git.kernel.org/stable/c/584a729615fa92f4de45480efb7e569d14be1516
https://git.kernel.org/stable/c/b9ad8e50e8589607e68e6c4cefa7f72bf35a2cb1
https://git.kernel.org/stable/c/cceb15864e1612ebfbc10ec4e4dcd19a10c0056c
https://git.kernel.org/stable/c/d6ebcde6d4ecf34f8495fb30516645db3aea8993


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

