Home

CVE-2025-37908

Description

In the Linux kernel, the following vulnerability has been resolved:mm, slab: clean up slab->obj_exts alwaysWhen memory allocation profiling is disabled at runtime or due to anerror, shutdown_mem_profiling() is called: slab->obj_exts whichpreviously allocated remains.It wont be cleared by unaccount_slab() because ofmem_alloc_profiling_enabled() not true. Its incorrect, slab->obj_extsshould always be cleaned up in unaccount_slab() to avoid following error:[...]BUG: Bad page state in process.....[...]page dumped because: page still charged to cgroup[andriy.shevchenko@linux.intel.com: fold need_slab_obj_ext() into its only user]

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.019

Associated Vulnerability

VulnerabilityOS Platform
Linux kernel (USN-7649-1) USN-7649-1 linux-image-6.14.0-1006-realtime_6.14.0-1006.6_amd64.debLinux
Linux kernel (USN-7649-1) USN-7649-1 linux-image-6.14.0-1011-gcp_6.14.0-1011.11_amd64.debLinux
Linux kernel (USN-7649-1) USN-7649-1 linux-image-6.14.0-24-generic_6.14.0-24.24_amd64.debLinux
Linux kernel (USN-7649-1) USN-7649-1 linux-image-gcp_6.14.0-1011.11_amd64.debLinux
Linux kernel (USN-7649-1) USN-7649-1 linux-image-gcp-6.14_6.14.0-1011.11_amd64.debLinux
Linux kernel (USN-7649-1) USN-7649-1 linux-image-generic_6.14.0-24.24_amd64.debLinux
Linux kernel (USN-7649-1) USN-7649-1 linux-image-generic-6.14_6.14.0-24.24_amd64.debLinux
Linux kernel (USN-7649-1) USN-7649-1 linux-image-generic-hwe-24.04_6.14.0-24.24_amd64.debLinux
Linux kernel (USN-7649-1) USN-7649-1 linux-image-oem-24.04_6.14.0-24.24_amd64.debLinux
Linux kernel (USN-7649-1) USN-7649-1 linux-image-oem-24.04a_6.14.0-24.24_amd64.debLinux
Linux kernel (USN-7649-1) USN-7649-1 linux-image-realtime_6.14.0-1006.6_amd64.debLinux
Linux kernel (USN-7649-1) USN-7649-1 linux-image-realtime-6.14_6.14.0-1006.6_amd64.debLinux
Linux kernel (USN-7649-1) USN-7649-1 linux-image-realtime-hwe-24.04_6.14.0-1006.6_amd64.debLinux
Linux kernel (USN-7649-1) USN-7649-1 linux-image-virtual_6.14.0-24.24_amd64.debLinux
Linux kernel (USN-7649-1) USN-7649-1 linux-image-virtual-6.14_6.14.0-24.24_amd64.debLinux
Linux kernel (USN-7649-1) USN-7649-1 linux-image-virtual-hwe-24.04_6.14.0-24.24_amd64.debLinux
Linux kernel for OEM systems (USN-7650-1) USN-7650-1 linux-image-6.14.0-1007-oem_6.14.0-1007.7_amd64.debLinux
Linux kernel for OEM systems (USN-7650-1) USN-7650-1 linux-image-oem-24.04c_6.14.0-1007.7_amd64.debLinux
Linux kernel for OEM systems (USN-7650-1) USN-7650-1 linux-image-oem-6.14_6.14.0-1007.7_amd64.debLinux
Linux kernel for Amazon Web Services (AWS) systems (USN-7649-2) USN-7649-2 linux-image-6.14.0-1009-aws_6.14.0-1009.9_amd64.debLinux
Linux kernel for Amazon Web Services (AWS) systems (USN-7649-2) USN-7649-2 linux-image-aws_6.14.0-1009.9_amd64.debLinux
Linux kernel for Amazon Web Services (AWS) systems (USN-7649-2) USN-7649-2 linux-image-aws-6.14_6.14.0-1009.9_amd64.debLinux
Linux kernel for Oracle Cloud systems (USN-7665-1) USN-7665-1 linux-image-6.14.0-1009-oracle_6.14.0-1009.9_amd64.debLinux
Linux kernel for Oracle Cloud systems (USN-7665-1) USN-7665-1 linux-image-oracle_6.14.0-1009.9_amd64.debLinux
Linux kernel for Oracle Cloud systems (USN-7665-1) USN-7665-1 linux-image-oracle-6.14_6.14.0-1009.9_amd64.debLinux
Linux kernel for Amazon Web Services (AWS) systems (USN-7665-2) USN-7665-2 linux-image-6.14.0-1009-aws_6.14.0-1009.9~24.04.1_amd64.debLinux
Linux kernel for Amazon Web Services (AWS) systems (USN-7665-2) USN-7665-2 linux-image-aws_6.14.0-1009.9~24.04.1_amd64.debLinux
Linux kernel for Amazon Web Services (AWS) systems (USN-7665-2) USN-7665-2 linux-image-aws-6.14_6.14.0-1009.9~24.04.1_amd64.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234