Memory Allocation Vulnerability in Linux Kernel Affecting System Performance
CVE-2025-39756

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 11 September 2025

What is CVE-2025-39756?

A vulnerability in the Linux kernel allows excessive memory allocation when the file descriptor limit is set extremely high. Setting 'sysctl_nr_open' to a value such as 1073741816 causes processes to attempt allocations that exceed the maximum integer size, producing impractical memory requests that may fail and trigger warnings. Specifically, when functions like 'dup2' are called with high file descriptor numbers, the kernel may attempt to allocate over 8 GB of memory, which can lead to performance degradation and system instability. A fix has been introduced to prevent such large allocation requests, ensuring smoother operation of the kernel.

Affected Version(s)

Linux 9cfe015aa424b3c003baba3841a60dd9b5ad319b

Linux 9cfe015aa424b3c003baba3841a60dd9b5ad319b < 749528086620f8012b83ae032a80f6ffa80c45cd

Timeline

  • Vulnerability published

  • Vulnerability Reserved
