IM
IronMonkey Threat Research

CVE-2025-37980 MEDIUM

Published: 2025-05-20 | Last Modified: 2026-07-14 | Status: Modified

Description

In the Linux kernel, the following vulnerability has been resolved: block: fix resource leak in blk_register_queue() error path When registering a queue fails after blk_mq_sysfs_register() is successful but the function later encounters an error, we need to clean up the blk_mq_sysfs resources. Add the missing blk_mq_sysfs_unregister() call in the error path to properly clean up these resources and prevent a memory leak.

Additional Descriptions (1)

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bloque: corrección de fuga de recursos en la ruta de error blk_register_queue(). Si el registro de una cola falla después de que blk_mq_sysfs_register() se ejecute correctamente, pero la función detecta un error posteriormente, es necesario limpiar los recursos blk_mq_sysfs. Agregue la llamada blk_mq_sysfs_unregister() faltante en la ruta de error para limpiar correctamente estos recursos y evitar una fuga de memoria.

CVSS Metrics

Base Score: 5.5 (MEDIUM)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack VectorLOCAL
Attack ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 3.6

Weaknesses

Source Type Description
[email protected] Primary
en CWE-401

Affected Products

Vendor Product Version Update Type
linux linux_kernel * <built-in method update of dict object at 0x702bc462d340> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bde7ac040> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bdd420280> Operating System
linux linux_kernel 6.15 <built-in method update of dict object at 0x702b801ccd40> Operating System
linux linux_kernel 6.15 <built-in method update of dict object at 0x702bc462f000> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:*

References

Notification
Message here