Linux · Linux Kernel · CVE-2025-21737
**Name of the Vulnerable Software and Affected Versions**
Linux kernel (affected versions not specified)
**Description**
A memory leak issue has been identified in the Linux kernel, specifically in the `ceph mds auth match()` function. This leak can occur when accessing files on a CephFS filesystem subdirectory with an auth token using a path-scoped capability, potentially leading to a rapid system crash due to continuous memory growth. The issue was detected in production and triggered kernel OOM, causing the kernel to hard-lock. Technical details include the allocation of a temporary target path substring, which was not freed on every possible branch, resulting in the memory leak.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.