CVE-2025-37983

5.5 MEDIUM

📋 TL;DR

This CVE describes a memory leak vulnerability in the Linux kernel's qibfs filesystem driver. When the kernel fails to allocate an inode during filesystem operations, it leaks a dentry object, potentially leading to kernel memory exhaustion. This affects Linux systems using the qibfs driver, typically in HPC/InfiniBand environments.
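The bug class described above, shown as a small user-space model. This is an added example, not the kernel's code or the upstream patch: the structs, the helper names (dentry_alloc, dentry_put, inode_alloc, create_file) and the forced-failure flag are hypothetical stand-ins for the kernel's dentry/inode handling.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model only: hypothetical stand-ins, not the kernel API. */
struct dentry { int refcount; };
struct inode  { int ino; };

static int live_dentries;   /* dentries allocated and not yet freed */

static struct dentry *dentry_alloc(void) {
    struct dentry *d = malloc(sizeof *d);
    if (d) { d->refcount = 1; live_dentries++; }
    return d;
}

static void dentry_put(struct dentry *d) {
    if (--d->refcount == 0) { free(d); live_dentries--; }
}

/* Inode allocation that can be forced to fail, modelling memory pressure. */
static struct inode *inode_alloc(int fail) {
    return fail ? NULL : calloc(1, sizeof(struct inode));
}

/* Create one file. With drop_on_error == 0 the error path returns without
 * releasing the dentry reference it owns (the leak); with 1 it drops it. */
static int create_file(int fail_inode, int drop_on_error) {
    struct dentry *d = dentry_alloc();
    if (!d) return -1;
    struct inode *ino = inode_alloc(fail_inode);
    if (!ino) {
        if (drop_on_error) dentry_put(d);
        return -1;
    }
    free(ino);          /* model teardown of a successful creation */
    dentry_put(d);
    return 0;
}

/* Run n failing creations; return how many dentries remain allocated. */
static int leaked_after(int n, int drop_on_error) {
    int before = live_dentries;
    for (int i = 0; i < n; i++) create_file(1, drop_on_error);
    return live_dentries - before;
}

int main(void) {
    printf("leaky error path: %d dentries leaked\n", leaked_after(1000, 0));
    printf("fixed error path: %d dentries leaked\n", leaked_after(1000, 1));
    return 0;
}
```

Each failed creation on the leaky path pins one object permanently, which is why the impact grows only with repeated failures under memory pressure.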

💻 Affected Systems

Products:
  • Linux kernel with qibfs driver
Versions: All versions from initial merge until patched (specific commit ranges in references)
Operating Systems: Linux distributions with affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using the qibfs driver (typically for InfiniBand hardware). Most standard Linux installations may not have this driver loaded.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Sustained exploitation could lead to kernel memory exhaustion, causing system instability, denial of service, or kernel panic.

🟠 Likely Case

Local users could trigger the leak through repeated filesystem operations, gradually consuming kernel memory and potentially degrading system performance.

🟢 If Mitigated

With proper memory limits and monitoring, impact is limited to potential performance degradation rather than complete system failure.

🌐 Internet-Facing: LOW - Requires local access to trigger; not remotely exploitable.
🏢 Internal Only: MEDIUM - Local users or processes could exploit this to cause denial of service on affected systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to trigger qibfs operations. Exploitation depends on triggering specific allocation failures.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in kernel commits referenced in CVE (e.g., 24faa6ea274a2b96d0a78a0996c3137c2b2a65f0)

Vendor Advisory: https://git.kernel.org/stable/c/24faa6ea274a2b96d0a78a0996c3137c2b2a65f0

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix.
2. Check with your distribution for backported patches.
3. Reboot system to load patched kernel.

🔧 Temporary Workarounds

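Disable the qib driver module

Unload the kernel module that provides qibfs if it is not required. qibfs is built into the ib_qib driver module (there is no separate qibfs module), so this also disables the qib InfiniBand adapter driver.

rmmod ib_qib
echo 'blacklist ib_qib' >> /etc/modprobe.d/blacklist.conf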

Restrict user access

Limit which users can access qibfs filesystem operations

chmod 700 /sys/class/infiniband/qibfs
setfacl -m u:root:rwx /sys/class/infiniband/qibfs

🧯 If You Can't Patch

  • Monitor kernel memory usage for unusual growth patterns
  • Implement strict access controls to limit who can perform filesystem operations on qibfs

🔍 How to Verify

Check if Vulnerable:

Check whether the driver that provides qibfs is loaded (lsmod | grep ib_qib; qibfs is part of the ib_qib module), then check the kernel version against the patched commits.

Check Version:

uname -r

Verify Fix Applied:

Verify that the kernel version includes the fix commits, or check 'modinfo ib_qib' for version info (qibfs is part of the ib_qib module).

📡 Detection & Monitoring

Log Indicators:

  • Kernel OOM messages
  • Unusual memory allocation failures in dmesg
  • Repeated qibfs-related errors

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("qibfs" OR "dentry leak" OR "memory leak")

🔗 References
