CVE-2025-37774 — NULL Pointer Dereference in Linux
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 84.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 1
Latest updateJul 8
Description
In the Linux kernel, the following vulnerability has been resolved:
slab: ensure slab->obj_exts is clear in a newly allocated slab page
ktest recently reported crashes while running several buffered io tests
with __alloc_tagging_slab_alloc_hook() at the top of the crash call stack.
The signature indicates an invalid address dereference with low bits of
slab->obj_exts being set. The bits were outside of the range used by
page_memcg_data_flags and objext_flags and hence were not masked out
by sl…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages5 packages
▶CVEListV5linux/linux21c690a349baab895dc68ab70d291e1598d7109d — 8baa747193591410a853bac9c3710142dfa4937b+3
Patches
🔴Vulnerability Details
5OSV▶
CVE-2025-37774: In the Linux kernel, the following vulnerability has been resolved: slab: ensure slab->obj_exts is clear in a newly allocated slab page ktest recently↗2025-05-01
GHSA▶
GHSA-g9q4-8883-7234: In the Linux kernel, the following vulnerability has been resolved:
slab: ensure slab->obj_exts is clear in a newly allocated slab page
ktest recent↗2025-05-01
📋Vendor Advisories
5Debian▶
CVE-2025-37774: linux - In the Linux kernel, the following vulnerability has been resolved: slab: ensur...↗2025