CVE-2025-37951Missing Release of Memory after Effective Lifetime in Linux

CWE-401Missing Release of Memory after Effective Lifetime42 documents7 sources
Severity
5.5MEDIUMNVD
OSV7.8OSV3.2
EPSS
0.1%
top 72.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
LinuxLinux KernelDebian Linux+6 more
Timeline
PublishedMay 20
Latest updateMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Add job to pending list if the reset was skipped When a CL/CSD job times out, we check if the GPU has made any progress since the last timeout. If so, instead of resetting the hardware, we skip the reset and let the timer get rearmed. This gives long-running jobs a chance to complete. However, when `timedout_job()` is called, the job in question is removed from the pending list, which means it won't be automatically

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages10 packages

NVDlinux/linux_kernel4.186.1.139+4
Debianlinux/linux_kernel< 6.1.140-1+2
Ubuntulinux/linux_kernel< 6.8.0-100.100
CVEListV5linux/linux57692c94dcbe99a1e0444409a3da13fb3443562c5235b56b7e5449d990d21d78723b1a5e7bb5738e+5

Also affects: Debian Linux 11.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

21
OSV
linux-azure-6.8 vulnerabilities2026-03-25
OSV
linux-azure-fips vulnerabilities2026-03-04
OSV
linux-azure vulnerabilities2026-03-04
OSV
linux-ibm, linux-ibm-6.8 vulnerabilities2026-02-24
OSV
linux-xilinx vulnerabilities2026-02-24

📋Vendor Advisories

20
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-04
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-03-04
Ubuntu
Linux kernel (Xilinx) vulnerabilities2026-02-24
Ubuntu
Linux kernel (IBM) vulnerabilities2026-02-24
CVE-2025-37951 — Linux vulnerability | cvebase