#VU112172 Memory leak in Linux kernel - CVE-2025-38100


Vulnerability identifier: #VU112172

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38100

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the copy_thread() and native_tss_update_io_bitmap() functions in arch/x86/kernel/process.c, within the io_bitmap_share(), io_bitmap_exit() and SYSCALL_DEFINE1() functions in arch/x86/kernel/ioport.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/2cfcbe1554c119402e7382de974c26b0549899fe
https://git.kernel.org/stable/c/2dace5e016c991424a3dc6e83b1ae5dca8992d08
https://git.kernel.org/stable/c/73cfcc8445585b8af7e18be3c9246b851fdf336c
https://git.kernel.org/stable/c/8b68e978718f14fdcb080c2a7791c52a0d09bc6d
https://git.kernel.org/stable/c/aa5ce1485562f20235b4c759eee5ab0c41d2c220
https://git.kernel.org/stable/c/b3b3b6366dc8eb5b22edba9adc4bff3cdacfd64c
https://git.kernel.org/stable/c/d64b7b05a827f98d068f412969eef65489b0cf03

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


openEuler 24.03 LTS SP2 update for kernel
openEuler 24.03 LTS update for kernel
openEuler 24.03 LTS SP1 update for kernel
Anolis OS update for kernel:6.6
Ubuntu update for linux-raspi
Ubuntu update for linux-nvidia-tegra-igx
Ubuntu update for linux-kvm
Ubuntu update for linux-oracle-6.14
Ubuntu update for linux-azure-5.15
Ubuntu update for linux-aws-6.14