CVE-2025-37908

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-37908
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-37908.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-37908
Downstream
Published
2025-05-20T15:21:41.121Z
Modified
2025-11-20T08:47:24.373340Z
Summary
mm, slab: clean up slab->obj_exts always
Details

In the Linux kernel, the following vulnerability has been resolved:

mm, slab: clean up slab->obj_exts always

When memory allocation profiling is disabled at runtime or due to an error, shutdownmemprofiling() is called: slab->objexts which previously allocated remains. It won't be cleared by unaccountslab() because of memallocprofilingenabled() not true. It's incorrect, slab->objexts should always be cleaned up in unaccount_slab() to avoid following error:

[...]BUG: Bad page state in process... .. [...]page dumped because: page still charged to cgroup

[andriy.shevchenko@linux.intel.com: fold needslabobj_ext() into its only user]

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
21c690a349baab895dc68ab70d291e1598d7109d
Fixed
dab2a13059a475b6392550f882276e170fe2fcff
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
21c690a349baab895dc68ab70d291e1598d7109d
Fixed
01db0e1a48345aa1937f3bdfc7c7108d03ebcf7e
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
21c690a349baab895dc68ab70d291e1598d7109d
Fixed
be8250786ca94952a19ce87f98ad9906448bc9ef

Affected versions

v6.*

v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.3
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.14.1
v6.14.2
v6.14.3
v6.14.4
v6.14.5
v6.15-rc1
v6.9
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "id": "CVE-2025-37908-33be2c10",
        "signature_version": "v1",
        "digest": {
            "length": 212.0,
            "function_hash": "97957807675420222415176574214009600296"
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dab2a13059a475b6392550f882276e170fe2fcff",
        "target": {
            "file": "mm/slub.c",
            "function": "unaccount_slab"
        }
    },
    {
        "id": "CVE-2025-37908-87a62432",
        "signature_version": "v1",
        "digest": {
            "length": 91.0,
            "function_hash": "277770511785238568655172797624678597531"
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dab2a13059a475b6392550f882276e170fe2fcff",
        "target": {
            "file": "mm/slub.c",
            "function": "need_slab_obj_ext"
        }
    },
    {
        "id": "CVE-2025-37908-ebbcb861",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "25085993447877194172150306617016508930",
                "302592728714989924989699507731221854153",
                "207501043407323789638505801764642905896",
                "243556991945151907223993900287092521670",
                "52350011466230525844812470952204485935",
                "330697245568497291816041353200639096853",
                "216015766303107272292418592140281131205",
                "18734412032540691480263739077298137966",
                "71043506980396588059736250538497414668",
                "193639609648817964709719558348579996167",
                "197264156541398746490409540779393153245",
                "112145762305462248920431394911841362532",
                "114702521198944845156753371973513442267",
                "13983307218782605643106368001404847137",
                "97481001744166081268054017911850852741",
                "183456735456342226214523369067049354387",
                "290258482191514344278387609569585404472",
                "5250165445209838260032418178670100076",
                "268065576358025030533217043738705094290",
                "113498360046092468991842248542369441481",
                "33010271208747306102198800230979637368",
                "88883970491383365114176361488756968804",
                "194998013827764752033480490614849405501",
                "137431715392866211519967607695686893111",
                "304125299047321046669383514477131922742"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dab2a13059a475b6392550f882276e170fe2fcff",
        "target": {
            "file": "mm/slub.c"
        }
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.10.0
Fixed
6.12.28
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.14.6