CVE Catalog

CVE-2025-37980

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

5th percentile - higher than 5% of all known CVEs

Summary

A resource leak was found in the Linux kernel's blk_register_queue() function error path. When queue registration succeeds for blk_mq_sysfs_register() but a later error occurs, the missing blk_mq_sysfs_unregister() call causes a memory leak.

Risk Assessment

Memory leak can degrade system performance and, in extreme cases, exhaust available memory, potentially causing system or service crashes.

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit adding blk_mq_sysfs_unregister() in the error path). Monitor patch availability for your distribution.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: block: fix resource leak in blk_register_queue() error path When registering a queue fails after blk_mq_sysfs_register() is successful but the function later encounters an error, we need to clean up the blk_mq_sysfs resources. Add the missing blk_mq_sysfs_unregister() call in the error path to properly clean up these resources and prevent a memory leak.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS