cve-2025-37788
Vulnerability from cvelistv5
Published
2025-05-01 13:07
Modified
2025-05-04 07:32
Severity ?
EPSS score ?
Summary
cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path
References
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e9de08e15aee35b96064960f95997bb6c1209c4b",
"status": "affected",
"version": "d915c299f1da68a7dbb43895b8741c7b916c9d08",
"versionType": "git"
},
{
"lessThan": "118d05b530343cd9322607b9719405ba254a4183",
"status": "affected",
"version": "d915c299f1da68a7dbb43895b8741c7b916c9d08",
"versionType": "git"
},
{
"lessThan": "fa2d7708955e4f8212fd69bab1da604e60cb0b15",
"status": "affected",
"version": "d915c299f1da68a7dbb43895b8741c7b916c9d08",
"versionType": "git"
},
{
"lessThan": "08aa59c0be768596467552c129e9f82166779a67",
"status": "affected",
"version": "d915c299f1da68a7dbb43895b8741c7b916c9d08",
"versionType": "git"
},
{
"lessThan": "dafb6e433ab2333b67be05433dc9c6ccbc7b1284",
"status": "affected",
"version": "d915c299f1da68a7dbb43895b8741c7b916c9d08",
"versionType": "git"
},
{
"lessThan": "76deedea08899885f076aba0bb80bd1276446822",
"status": "affected",
"version": "d915c299f1da68a7dbb43895b8741c7b916c9d08",
"versionType": "git"
},
{
"lessThan": "00ffb3724ce743578163f5ade2884374554ca021",
"status": "affected",
"version": "d915c299f1da68a7dbb43895b8741c7b916c9d08",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.237",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.181",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.135",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.25",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15-rc3",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.237",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.181",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.135",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.88",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.25",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.4",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15-rc3",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path\n\nIn the for loop used to allocate the loc_array and bmap for each port, a\nmemory leak is possible when the allocation for loc_array succeeds,\nbut the allocation for bmap fails. This is because when the control flow\ngoes to the label free_eth_finfo, only the allocations starting from\n(i-1)th iteration are freed.\n\nFix that by freeing the loc_array in the bmap allocation error path."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:32:36.531Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e9de08e15aee35b96064960f95997bb6c1209c4b"
},
{
"url": "https://git.kernel.org/stable/c/118d05b530343cd9322607b9719405ba254a4183"
},
{
"url": "https://git.kernel.org/stable/c/fa2d7708955e4f8212fd69bab1da604e60cb0b15"
},
{
"url": "https://git.kernel.org/stable/c/08aa59c0be768596467552c129e9f82166779a67"
},
{
"url": "https://git.kernel.org/stable/c/dafb6e433ab2333b67be05433dc9c6ccbc7b1284"
},
{
"url": "https://git.kernel.org/stable/c/76deedea08899885f076aba0bb80bd1276446822"
},
{
"url": "https://git.kernel.org/stable/c/00ffb3724ce743578163f5ade2884374554ca021"
}
],
"title": "cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-37788",
"datePublished": "2025-05-01T13:07:22.208Z",
"dateReserved": "2025-04-16T04:51:23.940Z",
"dateUpdated": "2025-05-04T07:32:36.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-37788\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-05-01T14:15:43.163\",\"lastModified\":\"2025-05-02T13:53:20.943\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ncxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path\\n\\nIn the for loop used to allocate the loc_array and bmap for each port, a\\nmemory leak is possible when the allocation for loc_array succeeds,\\nbut the allocation for bmap fails. This is because when the control flow\\ngoes to the label free_eth_finfo, only the allocations starting from\\n(i-1)th iteration are freed.\\n\\nFix that by freeing the loc_array in the bmap allocation error path.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cxgb4: Se corrige la fuga de memoria en la ruta de error de cxgb4_init_ethtool_filters(). En el bucle for utilizado para asignar loc_array y bmap para cada puerto, es posible que se produzca una fuga de memoria cuando la asignaci\u00f3n de loc_array se realiza correctamente, pero la de bmap falla. Esto se debe a que, cuando el flujo de control accede a la etiqueta free_eth_finfo, solo se liberan las asignaciones a partir de la iteraci\u00f3n (i-1). Para solucionar esto, libere loc_array en la ruta de error de asignaci\u00f3n de bmap.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/00ffb3724ce743578163f5ade2884374554ca021\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/08aa59c0be768596467552c129e9f82166779a67\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/118d05b530343cd9322607b9719405ba254a4183\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/76deedea08899885f076aba0bb80bd1276446822\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/dafb6e433ab2333b67be05433dc9c6ccbc7b1284\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e9de08e15aee35b96064960f95997bb6c1209c4b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/fa2d7708955e4f8212fd69bab1da604e60cb0b15\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.