CVE-2025-37807
📋 TL;DR
This CVE describes a memory alignment issue in the Linux kernel's BPF subsystem that causes false positive kmemleak warnings for percpu hashmap allocations. It affects Linux systems with BPF enabled and CONFIG_DEBUG_KMEMLEAK configured. The vulnerability doesn't allow memory corruption or privilege escalation but creates misleading debugging output.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
No security impact - this is a debugging tool false positive issue, not an exploitable vulnerability. At worst, it creates misleading memory leak reports that could distract from real issues.
Likely Case
System administrators or developers see false memory leak warnings in kmemleak reports, potentially wasting time investigating non-existent issues.
If Mitigated
With proper kernel configuration (CONFIG_DEBUG_KMEMLEAK disabled), there is no impact as kmemleak won't run.
🎯 Exploit Status
This is not an exploitable vulnerability - it's a debugging tool false positive. No security exploitation is possible.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in kernel commits: 11ba7ce076e5903e7bdc1fd1498979c331b3c286, 1f1c29aa1934177349c17e3c32e68ec38a7a56df, 7758e308aeda1038aba1944f7302d34161b3effe
Vendor Advisory: https://git.kernel.org/stable/c/11ba7ce076e5903e7bdc1fd1498979c331b3c286
Restart Required: Yes
Instructions:
1. Update to a kernel version containing the fix commits.
2. Reboot the system to load the new kernel.
3. Verify kmemleak no longer reports false positives for percpu hashmap allocations.
🔧 Temporary Workarounds
Disable kmemleak debugging
Turn kmemleak off at runtime to prevent false positive reports (kmemleak treats "off" as irreversible until the next boot):
echo off > /sys/kernel/debug/kmemleak
Or rebuild kernel without CONFIG_DEBUG_KMEMLEAK
Avoid percpu hashmap usage
Avoid using BPF percpu hashmap features that trigger the alignment issue
🧯 If You Can't Patch
- Disable CONFIG_DEBUG_KMEMLEAK in production systems (should already be disabled)
- Monitor kmemleak output and ignore false positives related to percpu hashmap allocations
🔍 How to Verify
Check if Vulnerable:
Check if CONFIG_DEBUG_KMEMLEAK is enabled and test with BPF selftest: './test_progs -t for_each/hash_map' while monitoring kmemleak output
Check Version:
uname -r
Verify Fix Applied:
After patching, run the same BPF selftest and verify no kmemleak warnings appear for percpu hashmap allocations
📡 Detection & Monitoring
Log Indicators:
- kmemleak warnings mentioning 'pcpu_alloc_noprof', 'bpf_map_alloc_percpu', or percpu hashmap allocations
SIEM Query:
Search for kernel logs containing 'kmemleak' and 'percpu' or 'bpf_map_alloc_percpu'
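The log indicators above can be applied to a saved kmemleak report so that records matching this false positive are separated from leaks that still need investigation. The following is an added example, not code from the kernel project or the original page; the sample report is constructed, and requiring both indicator frames in one backtrace is an assumption chosen to keep the match narrow.

```python
import re

# Backtrace symbols the page lists as log indicators for this false positive.
INDICATOR_FRAMES = {"pcpu_alloc_noprof", "bpf_map_alloc_percpu"}
HEADER = re.compile(r"^unreferenced object (0x[0-9a-f]+) \(size (\d+)\):")
COMM = re.compile(r'comm "([^"]*)"')
# Frame lines are "sym+0x10/0x20", optionally prefixed by "[<address>]".
FRAME = re.compile(r"^\s+(?:\[<[0-9a-f]+>\]\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_kmemleak(text):
    """Split a kmemleak report into one dict per unreferenced object."""
    records, cur, in_bt = [], None, False
    for line in text.splitlines():
        if m := HEADER.match(line):
            cur, in_bt = {"addr": m[1], "size": int(m[2]), "comm": None, "frames": []}, False
            records.append(cur)
        elif cur is None:
            continue  # text before the first record
        elif line.lstrip().startswith("backtrace"):
            in_bt = True
        elif in_bt and (f := FRAME.match(line)):
            cur["frames"].append(f[1])
        elif c := COMM.search(line):
            cur["comm"] = c[1]
    return records

def triage(text):
    """Return (known_false_positive, needs_review) lists of records."""
    known, review = [], []
    for rec in parse_kmemleak(text):
        (known if INDICATOR_FRAMES <= set(rec["frames"]) else review).append(rec)
    return known, review

# Constructed sample: addresses, sizes, offsets and the second record are made up.
SAMPLE = """\
unreferenced object 0xffff888100aa0008 (size 8):
  comm "test_progs", pid 2101, jiffies 4294950000
  hex dump (first 8 bytes):
    00 00 00 00 00 00 00 00  ........
  backtrace (crc 0):
    pcpu_alloc_noprof+0x100/0x200
    bpf_map_alloc_percpu+0x40/0x80
unreferenced object 0xffff888100bb4000 (size 64):
  comm "modprobe", pid 3300, jiffies 4294960000
  backtrace (crc 1a2b3c4d):
    example_alloc+0x20/0x40
    example_driver_probe+0x55/0x90
"""
```

Pass `triage()` the text read from /sys/kernel/debug/kmemleak. On a kernel that already contains the fix commits, records in the first list should be investigated like any other report.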