CVE-2025-39756 — Missing Release of Memory after Effective Lifetime in Linux
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 91.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 11
Latest updateMar 25
Description
In the Linux kernel, the following vulnerability has been resolved:
fs: Prevent file descriptor table allocations exceeding INT_MAX
When sysctl_nr_open is set to a very high value (for example, 1073741816
as set by systemd), processes attempting to use file descriptors near
the limit can trigger massive memory allocation attempts that exceed
INT_MAX, resulting in a WARNING in mm/slub.c:
WARNING: CPU: 0 PID: 44 at mm/slub.c:5027 __kvmalloc_node_noprof+0x21a/0x288
This happens because kvmalloc…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages3 packages
▶CVEListV5linux/linux9cfe015aa424b3c003baba3841a60dd9b5ad319b — b4159c5a90c03f8acd3de345a7f5fc63b0909818+9
Also affects: Debian Linux 11.0
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-vv89-4q7p-gwx6: In the Linux kernel, the following vulnerability has been resolved:
fs: Prevent file descriptor table allocations exceeding INT_MAX
When sysctl_nr_o↗2025-09-11
OSV▶
CVE-2025-39756: In the Linux kernel, the following vulnerability has been resolved: fs: Prevent file descriptor table allocations exceeding INT_MAX When sysctl_nr_ope↗2025-09-11