SB20250509134 - Infinite loop in Linux kernel core
Published: May 9, 2025 Updated: May 10, 2025
Security Bulletin ID
SB20250509134
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Infinite loop (CVE-ID: CVE-2025-37859)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the page_pool_release_retry() function in net/core/page_pool.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/43130d02baa137033c25297aaae95fd0edc41654
- https://git.kernel.org/stable/c/7204335d1991c23fc615ab76f31f175748a578e1
- https://git.kernel.org/stable/c/738d1812ec2e395e953258aea912ddd867d11a13
- https://git.kernel.org/stable/c/90e089a64504982f8d62f223027cb9f903781f78
- https://git.kernel.org/stable/c/91522aba56e9fcdf64da25ffef9b27f8fad48e0f
- https://git.kernel.org/stable/c/95f17738b86fd198924d874a5639bcdc49c7e5b8
- https://git.kernel.org/stable/c/9f71db4fb82deb889e0bac4a51b34daea7d506a3
- https://git.kernel.org/stable/c/c3c7c57017ce1d4b2d3788c1fc59e7e39026e158
- https://git.kernel.org/stable/c/e74e5aa33228c5e2cb4fc80ad103541a7b7805ec
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.12