#VU112831 Resource management error in Linux kernel - CVE-2025-38336


Vulnerability identifier: #VU112831

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38336

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the via_mode_filter() function in drivers/ata/pata_via.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/0d9a48dfa934f43ac839211ae4aeba34f666a9a5
https://git.kernel.org/stable/c/67d66a5e4583fd3bcf13d6f747e571df13cbad51
https://git.kernel.org/stable/c/7fc89c218fc96a296a2840b1e37f4e0975f7a108
https://git.kernel.org/stable/c/8212cd92fe40aae6fe5a073bc70e758c42bb4bfc
https://git.kernel.org/stable/c/8edfed4439b107d62151ff6c075958d169da3e71
https://git.kernel.org/stable/c/947f9304d3c876c6672b947b80c0ef51161c6d2f
https://git.kernel.org/stable/c/bb7212ee4ff086628a2c1c22336d082a87cb893d
https://git.kernel.org/stable/c/d29fc02caad7f94b62d56ee1b01c954f9c961ba7

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Ubuntu update for linux-hwe-6.14
Ubuntu update for linux-gcp-6.14
Ubuntu update for linux-aws-6.14
Anolis OS update for kernel:6.6
Ubuntu update for linux
Ubuntu update for linux-azure
Ubuntu update for linux-realtime-6.14
Ubuntu update for linux-nvidia-tegra-igx
Ubuntu update for linux-kvm
Ubuntu update for linux-azure-5.15