CVE-2025-37807Missing Release of Memory after Effective Lifetime in Linux

CWE-401Missing Release of Memory after Effective Lifetime12 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 87.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
16
LinuxLinux KernelDebian Linux+13 more
Timeline
PublishedMay 8
Latest updateJul 8

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kmemleak warning for percpu hashmap Vlad Poenaru reported the following kmemleak issue: unreferenced object 0x606fd7c44ac8 (size 32): backtrace (crc 0): pcpu_alloc_noprof+0x730/0xeb0 bpf_map_alloc_percpu+0x69/0xc0 prealloc_init+0x9d/0x1b0 htab_map_alloc+0x363/0x510 map_create+0x215/0x3a0 __sys_bpf+0x16b/0x3e0 __x64_sys_bpf+0x18/0x20 do_syscall_64+0x7b/0x150 entry_SYSCALL_64_after_hwframe+0x4b/0x53 Further investigat

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages18 packages

NVDlinux/linux_kernel6.136.14.5+1
Debianlinux/linux_kernel< 6.12.27-1+1
Ubuntulinux/linux_kernel< 6.14.0-22.22

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

5
OSV
linux-aws, linux-oracle vulnerabilities2025-07-08
OSV
linux-azure vulnerabilities2025-06-26
OSV
linux, linux-gcp, linux-raspi, linux-realtime vulnerabilities2025-06-24
GHSA
GHSA-73cw-j3wh-rf6g: In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kmemleak warning for percpu hashmap Vlad Poenaru reported the following2025-05-08
OSV
CVE-2025-37807: In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kmemleak warning for percpu hashmap Vlad Poenaru reported the following k2025-05-08

📋Vendor Advisories

6
Ubuntu
Linux kernel vulnerabilities2025-07-08
Ubuntu
Linux kernel (Azure) vulnerabilities2025-06-26
Ubuntu
Linux kernel vulnerabilities2025-06-24
Microsoft
bpf: Fix kmemleak warning for percpu hashmap2025-05-13
Red Hat
kernel: bpf: Fix kmemleak warning for percpu hashmap2025-05-08