CVE-2025-37788 – A memory leak vulnerability exists in the Linux... (How to Fix)

Q: What is the severity of CVE-2025-37788?

CVE-2025-37788 has a CVSS score of 5.5 (MEDIUM). A memory leak vulnerability exists in the Linux kernel's cxgb4 driver when initializing ethtool filters. If memory allocation fails for the bmap structure after successfully allocating loc_array, the previously allocated memory isn't properly freed, causing a kernel memory leak. This affects systems using Chelsio T4/T5/T6 network adapters with the cxgb4 driver.

📋 TL;DR

A memory leak vulnerability exists in the Linux kernel's cxgb4 driver when initializing ethtool filters. If memory allocation fails for the bmap structure after successfully allocating loc_array, the previously allocated memory isn't properly freed, causing a kernel memory leak. This affects systems using Chelsio T4/T5/T6 network adapters with the cxgb4 driver.

💻 Affected Systems

Products:

Linux kernel with cxgb4 driver

Versions: Linux kernel versions containing vulnerable cxgb4 driver code (specific versions not specified in CVE)

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with Chelsio T4/T5/T6 network adapters using the cxgb4 driver. The vulnerability is triggered during ethtool filter initialization error conditions.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sustained exploitation could lead to kernel memory exhaustion, causing system instability, denial of service, or potential kernel crashes.

🟠

Likely Case

Gradual memory consumption over time leading to performance degradation and eventual system instability requiring reboot.

🟢

If Mitigated

Limited impact with proper monitoring and memory limits in place, though still undesirable in production environments.

🌐 Internet-Facing: LOW - Requires local access or ability to trigger the specific error condition through network operations

🏢 Internal Only: MEDIUM - Could be triggered by authorized users or automated systems performing network configuration operations

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: NO

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires triggering the specific error condition in memory allocation, which may require repeated attempts or specific system conditions. Requires local access or ability to perform network configuration operations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in kernel commits referenced in CVE (00ffb3724ce7, 08aa59c0be76, 118d05b53034, 76deedea0889, dafb6e433ab2)

Vendor Advisory: https://git.kernel.org/stable/c/00ffb3724ce743578163f5ade2884374554ca021

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. Reboot system to load new kernel. 3. Verify cxgb4 driver is loaded with patched kernel version.

🔧 Temporary Workarounds

Disable ethtool filter functionality

linux

Prevent triggering the vulnerable code path by avoiding ethtool filter operations

# Avoid using ethtool filter commands on cxgb4 interfaces
# Example: ethtool -U ethX ... should be avoided

Use alternative network adapter

linux

Replace Chelsio adapters with different hardware not using cxgb4 driver

🧯 If You Can't Patch

Implement kernel memory monitoring and alerting for unusual consumption patterns
Restrict user access to ethtool and network configuration utilities

🔍 How to Verify

Check if Vulnerable:

Check if cxgb4 driver is loaded: lsmod | grep cxgb4. Check kernel version against patched versions in git commits.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits: git log --oneline | grep -E '(00ffb3724ce7|08aa59c0be76|118d05b53034|76deedea0889|dafb6e433ab2)'

📡 Detection & Monitoring

Log Indicators:

Kernel OOM (Out of Memory) messages
System instability or crashes after network configuration changes
Memory consumption alerts from monitoring systems

Network Indicators:

None specific - this is a local memory management issue

SIEM Query:

source="kernel" AND ("out of memory" OR "kernel panic") AND process="cxgb4"

📊 Metadata

CVE ID: CVE-2025-37788

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-401

EPSS Score: 0.03% exploit probability (6.2th percentile)

Published: May 1, 2025

Last Updated: November 6, 2025

🔗 References

https://git.kernel.org/stable/c/00ffb3724ce743578163f5ade2884374554ca021 Patch
https://git.kernel.org/stable/c/08aa59c0be768596467552c129e9f82166779a67 Patch
https://git.kernel.org/stable/c/118d05b530343cd9322607b9719405ba254a4183 Patch
https://git.kernel.org/stable/c/76deedea08899885f076aba0bb80bd1276446822 Patch
https://git.kernel.org/stable/c/dafb6e433ab2333b67be05433dc9c6ccbc7b1284 Patch
https://git.kernel.org/stable/c/e9de08e15aee35b96064960f95997bb6c1209c4b Patch
https://git.kernel.org/stable/c/fa2d7708955e4f8212fd69bab1da604e60cb0b15 Patch
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html Mailing List,Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html Mailing List,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-37788, you might also want to check these: