SB2025050819 - Memory leak in Linux kernel net driver
Published: May 8, 2025 Updated: May 10, 2025
Security Bulletin ID
SB2025050819
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2025-37820)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the xennet_run_xdp() function in drivers/net/xen-netfront.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/5b83d30c63f9964acb1bc63eb8e670b9e0d2c240
- https://git.kernel.org/stable/c/cc3628dcd851ddd8d418bf0c897024b4621ddc92
- https://git.kernel.org/stable/c/cefd8a2e2de46209ce66e6d30c237eb59b6c5bfa
- https://git.kernel.org/stable/c/d6a9c4e6f9b3ec3ad98468c950ad214af8a2efb9
- https://git.kernel.org/stable/c/eefccd889df3b49d92e7349d94c4aa7e1ba19f6c
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.5