#VU115362 Memory leak in Linux kernel - CVE-2025-39736
Published: September 16, 2025
Vulnerability identifier: #VU115362
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-39736
CWE-ID: CWE-401
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the mem_pool_alloc() function in mm/kmemleak.c.
Remediation
Install the update from the vendor's repository.
External links
- https://git.kernel.org/stable/c/08f70be5e406ce47c822f2dd11c1170ca259605b
- https://git.kernel.org/stable/c/1da95d3d4b7b1d380ebd87b71a61e7e6aed3265d
- https://git.kernel.org/stable/c/47b0f6d8f0d2be4d311a49e13d2fd5f152f492b2
- https://git.kernel.org/stable/c/4b0151e1d468eb2667c37b7af99b3c075072d334
- https://git.kernel.org/stable/c/62879faa8efe8d8a9c7bf7606ee9c068012d7dac
- https://git.kernel.org/stable/c/a0854de00ce2ee27edf39037e7836ad580eb3350
- https://git.kernel.org/stable/c/a181b228b37a6a5625dad2bb4265bb7abb673e9f
- https://git.kernel.org/stable/c/c7b6ea0ede687e7460e593c5ea478f50aa41682a
- https://git.kernel.org/stable/c/f249d32bb54876b4b6c3ae071af8ddca77af390b