CVE-2025-21737 — Missing Release of Memory after Effective Lifetime in Linux
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 84.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 27
Latest updateMay 28
Description
In the Linux kernel, the following vulnerability has been resolved:
ceph: fix memory leak in ceph_mds_auth_match()
We now free the temporary target path substring allocation on every
possible branch, instead of omitting the default branch. In some
cases, a memory leak occured, which could rapidly crash the system
(depending on how many file accesses were attempted).
This was detected in production because it caused a continuous memory
growth, eventually triggering kernel OOM and completely ha…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages4 packages
▶CVEListV5linux/linux596afb0b8933ba6ed7227adcc538db26feb25c74 — 146109fe936ac07f8f60cd6267543688985b96bc+3
Patches
🔴Vulnerability Details
5OSV▶
linux, linux-azure, linux-azure-6.11, linux-gcp, linux-gcp-6.11, linux-hwe-6.11, linux-oem-6.11, linux-raspi, linux-realtime vulnerabilities↗2025-05-20
OSV▶
CVE-2025-21737: In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in ceph_mds_auth_match() We now free the temporary target pa↗2025-02-27
GHSA▶
GHSA-755w-2h7x-xvj6: In the Linux kernel, the following vulnerability has been resolved:
ceph: fix memory leak in ceph_mds_auth_match()
We now free the temporary target↗2025-02-27
📋Vendor Advisories
5Debian▶
CVE-2025-21737: linux - In the Linux kernel, the following vulnerability has been resolved: ceph: fix m...↗2025