CVE-2025-39737 — Missing Release of Memory after Effective Lifetime in Linux
Severity
5.5 MEDIUM (NVD)
EPSS
0.0%
top 96.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Sep 11
Latest update: Mar 25
Description
In the Linux kernel, the following vulnerability has been resolved:
mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup()
A soft lockup warning was observed on a relatively small x86-64
system with 16 GB of memory when running a debug kernel with kmemleak
enabled.
watchdog: BUG: soft lockup - CPU#8 stuck for 33s! [kworker/8:1:134]
The test system was running a workload with hot unplug happening in
parallel. Then kmemleak decided to disable itself due to its inability to
allocate more…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Affected Packages (3 packages)
CVEListV5: linux/linux 2abd839aa7e615f2bbc50c8ba7deb9e40d186768 — 9f1f4e95031f84867c5821540466d62f88dab8ca (+9)
Also affects: Debian Linux 11.0
Patches
Vulnerability Details (3)
OSV: CVE-2025-39737 (2025-09-11)
GHSA: GHSA-x37q-qw63-qf28 (2025-09-11)