Login Sign Up

CVE-2025-37738

7.8 HIGH
Denial of Service

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's ext4 filesystem allows attackers to cause memory corruption when processing extended attributes. This affects Linux systems using ext4 filesystems and can lead to system crashes or potential privilege escalation. The vulnerability occurs during inode eviction when xattr entries are processed beyond valid boundaries.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions before fixes in stable releases (specific versions in git commits provided)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using ext4 filesystem. Requires filesystem operations that trigger xattr processing during inode eviction.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to denial of service, or potential privilege escalation to kernel-level code execution if combined with other vulnerabilities.

🟠

Likely Case

System crash or kernel panic causing denial of service, requiring system reboot.

🟢

If Mitigated

Limited impact if systems have proper isolation and minimal ext4 usage, though crashes could still affect availability.

🌐 Internet-Facing: LOW - Requires local access to filesystem operations, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users or processes could trigger the vulnerability, potentially affecting system stability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to manipulate filesystem operations. The KASAN report shows a reproducer exists but not publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel stable releases via commits: 362a90cecd36e8a5c415966d0b75b04a0270e4dd, 3bc6317033f365ce578eb6039445fb66162722fd, 6aff941cb0f7d0c897c3698ad2e30672709135e3, 76c365fa7e2a8bb85f0190cdb4b8cdc99b2fdce3, 836e625b03a666cf93ff5be328c8cb30336db872

Vendor Advisory: https://git.kernel.org/stable/c/

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing fixes. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update. 4. Verify kernel version matches patched release.

🔧 Temporary Workarounds

Disable ext4 xattr features

linux

Mount ext4 filesystems with 'noacl' and 'nouser_xattr' options to disable extended attribute processing

mount -o remount,noacl,nouser_xattr /mountpoint
Add 'noacl,nouser_xattr' to /etc/fstab for persistent configuration

🧯 If You Can't Patch

  • Restrict user access to filesystem operations that trigger inode eviction
  • Implement strict process isolation and limit filesystem manipulation capabilities

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with patched releases. Run: uname -r and verify against distribution security advisories.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version after update matches patched release. Check that ext4 operations don't trigger KASAN warnings.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • KASAN reports in dmesg
  • System crash logs
  • Unexpected system reboots

Network Indicators:

  • None - local vulnerability only

SIEM Query:

Search for: 'KASAN: slab-use-after-free', 'ext4_xattr_inode_dec_ref_all', 'kernel panic' in system logs

📊 Metadata

CVE ID: CVE-2025-37738
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-416
EPSS Score: 0.02% exploit probability (4.3th percentile)
Published: May 1, 2025
Last Updated: November 4, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-37738, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)