#VU112175 Memory leak in Linux kernel - CVE-2025-38147


Vulnerability identifier: #VU112175

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38147

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the netlbl_conn_setattr() function in net/netlabel/netlabel_kapi.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/0c813dbc851dbf418fdc6dc883fd0592d6c555cd
https://git.kernel.org/stable/c/26ce90f1ce60b0ff587de8d6aec399aa55cab28e
https://git.kernel.org/stable/c/6e9f2df1c550ead7cecb3e450af1105735020c92
https://git.kernel.org/stable/c/946bfdfcb76ac2bac5b8526447035885ff41c598
https://git.kernel.org/stable/c/c32ebe33626335a536dbbdd09571c06dd9bc1729
https://git.kernel.org/stable/c/dd8928897594931d6912ef2f7a43e110b4958d3d
https://git.kernel.org/stable/c/e2ec310c7a50271843c585e27ef14e48c66ce649
https://git.kernel.org/stable/c/fc2da88411470480b8b7e9177e930cedd893cf56

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Anolis OS update for kernel:6.6
Ubuntu update for linux-raspi
Ubuntu update for linux-nvidia-tegra-igx
Ubuntu update for linux-kvm
Ubuntu update for linux-oracle-6.14
Ubuntu update for linux-azure-5.15
Ubuntu update for linux-aws-6.14
Ubuntu update for linux-azure
Ubuntu update for linux-oracle-5.15
Ubuntu update for linux-aws-fips