PT-2025-18419 · Linux · Linux Kernel
Published 2025-03-17 · Updated 2026-04-20 · CVE-2025-37738
CVSS v3.1: 7.8 (High)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.13.0-rc2+
Description
A slab-use-after-free bug has been identified in the ext4 file system of the Linux kernel. It occurs because the ext4_xattr_inode_dec_ref_all() function does not stop at the 'end' entry when walking the list of extended attributes, so entries past the end are processed instead of being ignored. This can lead to incorrect memory accesses and potentially cause system instability or crashes. The issue was reported by KASAN (Kernel Address Sanitizer) and has been fixed.
Recommendations
To resolve this issue, update the Linux kernel to a version newer than 6.13.0-rc2+. As a temporary workaround, consider disabling the ext4_xattr_inode_dec_ref_all() function until a patch is available. However, this is not a recommended long-term solution, as it may cause other issues with the file system. The best course of action is to apply the official patch or update to a newer kernel version.
Exploit
Fix
Use After Free
Weakness Enumeration
Related Identifiers
Affected Products
AlmaLinux
Astra Linux
CentOS
Debian
Linux Mint
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu