Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2025-37764

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/05/2025
Last modified:
06/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/imagination: fix firmware memory leaks<br /> <br /> Free the memory used to hold the results of firmware image processing<br /> when the module is unloaded.<br /> <br /> Fix the related issue of the same memory being leaked if processing<br /> of the firmware image fails during module load.<br /> <br /> Ensure all firmware GEM objects are destroyed if firmware image<br /> processing fails.<br /> <br /> Fixes memory leaks on powervr module unload detected by Kmemleak:<br /> <br /> unreferenced object 0xffff000042e20000 (size 94208):<br /> comm "modprobe", pid 470, jiffies 4295277154<br /> hex dump (first 32 bytes):<br /> 02 ae 7f ed bf 45 84 00 3c 5b 1f ed 9f 45 45 05 .....E..

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.8 (including) 6.12.25 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.13 (including) 6.14.4 (excluding)
cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools