PT-2025-37214 · Linux+5 · Linux Kernel+5

Published: 2025-06-29 · Updated: 2026-04-20 · CVE-2025-39756

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions:

Linux kernel (affected versions not specified)

Description:

The Linux kernel contains a flaw related to file descriptor table allocations. When sysctl nr_open is set to a very high value, processes attempting to use file descriptors near the limit can trigger massive memory allocation attempts exceeding INT_MAX, resulting in a warning in mm/slub.c. This occurs because the kernel's allocation functions enforce INT_MAX as a maximum size, regardless of memory control group accounting. Systemd automatically bumps fs.nr_open to the maximum possible value, which can trigger this issue in certain selftests and programs testing file descriptor limits. The issue can lead to impractical memory allocation requests exceeding 8GB.
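The following check is an added example, not part of this advisory or of the kernel source. It reports whether fs.nr_open on a host permits a descriptor table larger than INT_MAX bytes and lists processes whose hard open-files limit reaches that range. It assumes each descriptor slot costs one 8-byte pointer on a 64-bit kernel; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit fd limits against the INT_MAX allocation ceiling.
# Assumption: one 8-byte pointer per descriptor slot (64-bit kernel).
INT_MAX=2147483647
PTR_SIZE=8

# Highest descriptor count whose pointer array still fits in INT_MAX bytes.
max_safe_fds() {
    echo $(( INT_MAX / PTR_SIZE ))
}

# fdtable_bytes N: bytes needed for N descriptor slots.
fdtable_bytes() {
    echo $(( $1 * PTR_SIZE ))
}

# exceeds_int_max N: succeeds if N slots need more than INT_MAX bytes.
exceeds_int_max() {
    [ "$(fdtable_bytes "$1")" -gt "$INT_MAX" ]
}

# audit_limits [PROC_ROOT]: print "pid hard_limit" for every process whose
# hard "Max open files" limit is above the safe descriptor count.
audit_limits() {
    proc_root=${1:-/proc}
    safe=$(max_safe_fds)
    for f in "$proc_root"/[0-9]*/limits; do
        [ -r "$f" ] || continue
        hard=$(awk '/^Max open files/ {print $5}' "$f" 2>/dev/null) || continue
        case $hard in ''|*[!0-9]*) continue ;; esac   # skip non-numeric values
        if [ "$hard" -gt "$safe" ]; then
            pid=${f%/limits}
            echo "${pid##*/} $hard"
        fi
    done
}

# Live check: only report when the sysctl itself permits the oversized table.
if [ -r /proc/sys/fs/nr_open ]; then
    nr_open=$(cat /proc/sys/fs/nr_open)
    if exceeds_int_max "$nr_open"; then
        echo "fs.nr_open=$nr_open permits a $(fdtable_bytes "$nr_open")-byte fd table (> INT_MAX)"
        audit_limits /proc
    fi
fi
```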

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Leak

Weakness Enumeration

Related Identifiers

BDU:2025-15211
CVE-2025-39756
DLA-4327-1
DLA-4328-1
DSA-6009-1
ECHO-DF03-07A9-2B37
OPENSUSE-SU-2025:20091-1
SUSE-SU-2025:21040-1
SUSE-SU-2025:21052-1
SUSE-SU-2025:21056-1
SUSE-SU-2025:21064-1
SUSE-SU-2025:21080-1
SUSE-SU-2025:21147-1
SUSE-SU-2025:21180-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4128-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4140-1
SUSE-SU-2025:4141-1
SUSE-SU-2025:4189-1
SUSE-SU-2025:4301-1
USN-7909-1
USN-7909-2
USN-7909-3
USN-7909-4
USN-7909-5
USN-7910-1
USN-7910-2
USN-7933-1
USN-7938-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu