Linux Kernel Inode Allocation Leak in Qibfs
CVE-2025-37983

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 20 May 2025

What is CVE-2025-37983?

A memory leak has been identified in the Linux kernel's Qibfs module, where a failure to allocate an inode could lead to a leaked directory entry (dentry). This issue has been present since the initial merge of the feature. Although the likelihood of encountering this allocation failure during extreme out-of-memory conditions is low, it remains a potential security concern for systems operating under resource constraints. Addressing this vulnerability is crucial to maintaining the stability and security of affected Linux environments.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 5e280cce3a29b7fe7b828c6ccd5aa5ba87ceb6b6

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 3c2fde33e3e505dfd1a895d1f24bad650c655e14

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 5fe708c5e3c8b2152c6caaa67243e431a5d6cca3

References

https://git.kernel.org/stable/c/5e280cce3a29b7fe7b828c6cc...

https://git.kernel.org/stable/c/3c2fde33e3e505dfd1a895d1f...

https://git.kernel.org/stable/c/5fe708c5e3c8b2152c6caaa67...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2025
Vulnerability Reserved
Apr 16, 2025