#VU107650 Memory leak in Linux kernel - CVE-2025-22073


Vulnerability identifier: #VU107650

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22073

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the spufs_fill_dir() function in arch/powerpc/platforms/cell/spufs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/0bd56e4e72c354b65c0a7e5ac1c09eca81949d5b
https://git.kernel.org/stable/c/132925bd6772d7614340fb755ac5415462ac8edd
https://git.kernel.org/stable/c/35f789ccebd69f6f9a1e0a9b85435003b2450065
https://git.kernel.org/stable/c/53b189651c33b5f1fb3b755e6a37a8206978514e
https://git.kernel.org/stable/c/90d1b276d1b1379d20ad27d1f6349ba9f44a2e00
https://git.kernel.org/stable/c/96de7fbdc2dcadeebc17c3cb89e7cdab487bfce0
https://git.kernel.org/stable/c/b1eef06d10c1a9848e3a762919bbbe315a0a7cb4
https://git.kernel.org/stable/c/d1ca8698ca1332625d83ea0d753747be66f9906d
https://git.kernel.org/stable/c/d791985ceeb081155b4e96d314ca54c7605dcbe0

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Memory leak in Linux kernel cell spufs