CVE-2025-39756

5.5 MEDIUM

📋 TL;DR

The Linux kernel sizes a process's file-descriptor table from the highest fd the process asks for, capped by the fs.nr_open sysctl. systemd raises fs.nr_open to 1073741816 at boot, so a process that addresses an fd near that limit (the reproducer in the CVE description calls dup2(fd, 1073741813)) makes alloc_fdtable() request a 2^30-entry array of 8-byte pointers from kvmalloc(): 8 GiB, well over INT_MAX bytes. kvmalloc() refuses any request above INT_MAX and emits a WARNING splat on the way out, and the dup2() fails. The result is a local denial of service: at minimum a kernel warning, a kernel panic wherever kernel.panic_on_warn is set. The fix makes alloc_fdtable() return EMFILE before an allocation above INT_MAX is attempted. Affected: kernels without the fix on systems where fs.nr_open has been raised that high, which systemd does by default.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernels without commit 04a2c4b4511d186b0fce685da21085a5d4acd370 or a stable backport of it (the exact fixed versions vary by distribution; check your vendor advisory for CVE-2025-39756)
Operating Systems: Linux distributions using systemd with automatic nr_open configuration
Default Config Vulnerable: ⚠️ Yes (systemd v240 and later bump fs.nr_open at boot)
Notes: Exposed when fs.nr_open is high enough that nr_open × 8 bytes exceeds INT_MAX (anything above 268435455; systemd sets 1073741816) and a process whose RLIMIT_NOFILE reaches that high addresses an fd near the limit.
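The arithmetic behind the notes above, as an added example written for this page (it is not kernel code and not part of the advisory): the C program models how alloc_fdtable() in fs/file.c sizes the table on 64-bit Linux, assuming the slot count is the smallest power of two holding the requested fd, clamped to fs.nr_open rounded up to a multiple of 64, with 8 bytes per struct file * slot. It reproduces the CVE description's numbers (nr_open 1073741816, dup2() to fd 1073741813 gives 2^30 slots and 8 GiB), applies the fix's pre-allocation check, and goes one step further than the description by computing the largest fs.nr_open at which no fd can push the array past INT_MAX. The rounding rules are a simplified re-derivation and should be read as an assumption, not as a copy of the kernel source.

```c
/*
 * Model of how fs/file.c sizes a file-descriptor table (added example, not
 * kernel code). Assumptions: 64-bit Linux, sizeof(struct file *) == 8,
 * BITS_PER_LONG == 64, and the rounding rules of alloc_fdtable() as
 * re-derived here.
 */
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define BITS_PER_LONG  64ULL
#define FILE_PTR_SIZE  8ULL              /* sizeof(struct file *) on 64-bit */

/* Smallest power of two >= n (n >= 1), like the kernel's roundup_pow_of_two(). */
static uint64_t roundup_pow_of_two(uint64_t n)
{
    uint64_t p = 1;
    while (p < n)
        p <<= 1;
    return p;
}

/*
 * Slots alloc_fdtable() settles on when a process asks for fd `fd` under a
 * limit of `nr_open`. Returns 0 when expand_files() refuses up front with
 * EMFILE (fd >= nr_open), i.e. before any allocation happens.
 */
static uint64_t fdtable_slots(uint64_t fd, uint64_t nr_open)
{
    if (fd >= nr_open)
        return 0;
    uint64_t nr = roundup_pow_of_two(fd + 1);   /* slots_wanted = fd + 1 */
    if (nr > nr_open)                            /* clamp to nr_open, kept a multiple of 64 */
        nr = ((nr_open - 1) | (BITS_PER_LONG - 1)) + 1;
    return nr;
}

/* Bytes requested from kvmalloc_array() for the struct file * array. */
static uint64_t fd_array_bytes(uint64_t slots)
{
    return slots * FILE_PTR_SIZE;
}

/*
 * Unpatched kernel: kvmalloc() refuses any request above INT_MAX bytes and
 * emits a WARNING (WARN_ON_ONCE) on the way out; the dup2() then fails.
 */
static bool unpatched_warns(uint64_t fd, uint64_t nr_open)
{
    uint64_t slots = fdtable_slots(fd, nr_open);
    return slots != 0 && fd_array_bytes(slots) > (uint64_t)INT_MAX;
}

/* The fix's check: refuse with EMFILE before asking for more than INT_MAX bytes. */
static bool patched_refuses(uint64_t fd, uint64_t nr_open)
{
    uint64_t slots = fdtable_slots(fd, nr_open);
    return slots != 0 && slots > (uint64_t)INT_MAX / FILE_PTR_SIZE;
}

/*
 * Largest fs.nr_open at which no fd can push the array past INT_MAX on an
 * unpatched kernel: INT_MAX / 8 rounded down to a multiple of 64.
 */
static uint64_t largest_safe_nr_open(void)
{
    return ((uint64_t)INT_MAX / FILE_PTR_SIZE) & ~(BITS_PER_LONG - 1);
}

static void report(uint64_t fd, uint64_t nr_open)
{
    uint64_t slots = fdtable_slots(fd, nr_open);
    printf("nr_open=%llu dup2 target=%llu -> slots=%llu bytes=%llu unpatched:%s patched:%s\n",
           (unsigned long long)nr_open, (unsigned long long)fd,
           (unsigned long long)slots, (unsigned long long)fd_array_bytes(slots),
           unpatched_warns(fd, nr_open) ? "WARNING+ENOMEM" : "ok",
           patched_refuses(fd, nr_open) ? "EMFILE" : "ok");
}

int main(void)
{
    report(1073741813, 1073741816);                       /* the CVE's example: 2^30 slots, 8 GiB */
    report(1048573, 1048576);                             /* kernel default nr_open: 8 MiB, fine */
    report(largest_safe_nr_open() - 1, largest_safe_nr_open());
    report(largest_safe_nr_open(), largest_safe_nr_open() + 64);  /* one step over the edge */
    return 0;
}
```

The last two calls bracket the boundary: with fs.nr_open at 268435392 every request stays under INT_MAX, one more multiple of 64 and a dup2() to fd 268435392 asks for exactly 2^31 bytes, which kvmalloc() rejects.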

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

A kernel WARNING that, on systems running with kernel.panic_on_warn=1 (common on hardened builds and CI hosts), becomes a kernel panic: a full-host denial of service from a local process.

🟠

Likely Case

One WARNING splat in dmesg when a process addresses an fd near the limit (the check is WARN_ON_ONCE, so only the first trigger per boot is logged) and the offending dup2()/dup3() failing with ENOMEM.

🟢

If Mitigated

On a patched kernel the process receives EMFILE for an fd whose table would exceed INT_MAX, with no kernel warning; with fs.nr_open lowered, no request can reach such a size in the first place.

🌐 Internet-Facing: LOW - Requires local process execution and specific configuration; not directly exploitable over network.
🏢 Internal Only: MEDIUM - A local process that can raise its RLIMIT_NOFILE hard limit to fs.nr_open (root, CAP_SYS_RESOURCE, or a service started with LimitNOFILE=infinity, which systemd resolves to fs.nr_open) can trigger the warning; where panic_on_warn is set that takes the whole host down.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Proof-of-concept code is included in the CVE description. Exploitation needs local code execution plus an RLIMIT_NOFILE hard limit high enough to address an fd above 2^28 (root, CAP_SYS_RESOURCE, or a unit with LimitNOFILE=infinity); the hard limit of an ordinary login session (systemd's default is 524288) is far lower.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernels containing commit 04a2c4b4511d186b0fce685da21085a5d4acd370 ("fs: Prevent file descriptor table allocations exceeding INT_MAX") or a stable backport of it

Vendor Advisory: https://git.kernel.org/stable/c/04a2c4b4511d186b0fce685da21085a5d4acd370

Restart Required: Yes (a kernel update takes effect on reboot, unless your vendor ships it as a live patch)

Instructions:

1. Update the kernel to a version your distribution lists as fixed for CVE-2025-39756.
2. Reboot into the new kernel (or apply the vendor live patch, where one is offered).
3. Verify with uname -r and, on a test machine, the reproducer check under "How to Verify".

🔧 Temporary Workarounds

Limit nr_open value

all

Set fs.nr_open back to the kernel default of 1048576 (any value at or below 268435392 keeps the pointer array under INT_MAX). Either command below applies immediately but does not survive a reboot; add the same setting to /etc/sysctl.d/ to make it persistent. Lowering nr_open also caps the hard RLIMIT_NOFILE any process can request afterwards, so check services that depend on very large fd limits before rolling this out.

sysctl -w fs.nr_open=1048576
echo 1048576 > /proc/sys/fs/nr_open   # equivalent

Keep systemd from bumping nr_open

systemd-based

systemd (v240 and later) raises fs.nr_open from PID 1 early at boot, not from systemd-sysctl.service; whether it does so is a build-time choice (meson option bump-proc-sys-fs-nr-open) that only the distribution can change. The reliable override is a sysctl.d drop-in: systemd-sysctl.service applies it after PID 1 has already done the bump, so the lower value wins for the rest of the boot.

printf 'fs.nr_open = 1048576\n' > /etc/sysctl.d/99-nr-open.conf
sysctl -p /etc/sysctl.d/99-nr-open.conf   # apply now; applied again on every boot

🧯 If You Can't Patch

  • Watch dmesg/the journal for the kvmalloc() oversize-allocation WARNING (the check is WARN_ON_ONCE, so only the first hit per boot is logged; a quiet log after that does not mean no further attempts)
  • Keep RLIMIT_NOFILE hard limits well below 2^28 (avoid LimitNOFILE=infinity, which systemd resolves to fs.nr_open) so no process can address an fd whose table would exceed INT_MAX

🔍 How to Verify

Check if Vulnerable:

Check whether fs.nr_open is high enough to matter: above 268435455, nr_open × 8 bytes exceeds INT_MAX (systemd's value is 1073741816). Compare numerically rather than grepping for one literal value, which misses other high settings:

nr=$(cat /proc/sys/fs/nr_open); [ "$nr" -gt 268435455 ] && echo "nr_open=$nr: exposed on an unpatched kernel" || echo "nr_open=$nr: allocation stays under INT_MAX"

Check Version:

uname -r   # compare against the fixed version in your distribution's advisory for CVE-2025-39756

Verify Fix Applied:

Run the reproducer program from the CVE description as root on a test machine, never in production: with kernel.panic_on_warn=1 an unpatched kernel panics instead of logging. On a fixed kernel the dup2() fails with EMFILE and dmesg shows no new WARNING from kvmalloc; on an unpatched kernel it fails with ENOMEM after a WARNING at mm/slub.c in __kvmalloc_node_noprof (the line number, 5027 in the CVE text, varies by kernel version). Because the warning is WARN_ON_ONCE, reboot before re-testing, or an earlier trigger masks the result.
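A verification probe written for this page as an added example (it is not the reproducer from the CVE description and not kernel or systemd code): it reads fs.nr_open and reports whether the configuration can reach an oversized table; only when run as root with --probe does it perform the dup2() against fd nr_open - 3 (the CVE description's target) and classify the outcome. EMFILE means the fix is present, ENOMEM plus a fresh splat in dmesg means the kernel is unpatched, and a successful dup2() means fs.nr_open is low enough that the table fit. It refuses to probe when kernel.panic_on_warn is set. The --probe flag and the verdict names are this example's own.

```c
/*
 * Added example: a verification probe for CVE-2025-39756. It is not the
 * reproducer from the CVE description and not kernel or systemd code.
 * Assumptions: 64-bit Linux with sizeof(struct file *) == 8; the --probe
 * flag, the verdict names and the nr_open - 3 target (the CVE's example)
 * are this example's own choices. Run only as root on a test machine.
 */
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <unistd.h>

#define NR_OPEN_PATH       "/proc/sys/fs/nr_open"
#define PANIC_ON_WARN_PATH "/proc/sys/kernel/panic_on_warn"

enum verdict { V_FIT, V_PATCHED, V_UNPATCHED, V_RLIMIT, V_UNKNOWN };

/* Read one unsigned integer from a procfs/sysctl file; -1 on failure. */
static long long read_sysctl(const char *path)
{
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    unsigned long long v = 0;
    int n = fscanf(f, "%llu", &v);
    fclose(f);
    return n == 1 ? (long long)v : -1;
}

/*
 * The fd array costs 8 bytes per slot and is sized up to nr_open, so an
 * unpatched kernel can be made to ask kvmalloc() for more than INT_MAX bytes
 * whenever nr_open exceeds INT_MAX / 8 (268435455).
 */
static int config_exposed(long long nr_open)
{
    return nr_open > (long long)(INT_MAX / 8);
}

/* Map dup2()'s return value and errno to a verdict. */
static enum verdict classify_probe(int rc, int err)
{
    if (rc >= 0)
        return V_FIT;                 /* table allocated: nr_open too low to matter */
    switch (err) {
    case EMFILE: return V_PATCHED;    /* fix refused the request before allocating */
    case ENOMEM: return V_UNPATCHED;  /* kvmalloc() warned and failed */
    case EBADF:  return V_RLIMIT;     /* target fd above RLIMIT_NOFILE */
    default:     return V_UNKNOWN;
    }
}

static const char *verdict_text(enum verdict v)
{
    switch (v) {
    case V_FIT:       return "fd created: the table fit under INT_MAX, fs.nr_open is not high enough to be exposed";
    case V_PATCHED:   return "EMFILE with no WARNING: fix present";
    case V_UNPATCHED: return "ENOMEM: unpatched kernel, expect one WARNING splat in dmesg (WARN_ON_ONCE, once per boot)";
    case V_RLIMIT:    return "EBADF: RLIMIT_NOFILE too low to address the target fd";
    default:          return "unexpected errno";
    }
}

/* Raise RLIMIT_NOFILE to nr_open (needs CAP_SYS_RESOURCE) and dup2() to nr_open - 3. */
static int run_probe(long long nr_open)
{
    struct rlimit rl = { .rlim_cur = (rlim_t)nr_open, .rlim_max = (rlim_t)nr_open };
    if (setrlimit(RLIMIT_NOFILE, &rl) != 0) {
        perror("setrlimit(RLIMIT_NOFILE)");
        return 1;
    }
    int fd = open("/dev/null", O_RDONLY);
    if (fd < 0) {
        perror("open(/dev/null)");
        return 1;
    }
    int target = (int)(nr_open - 3);
    int rc = dup2(fd, target);
    int err = errno;
    printf("dup2(%d, %d) -> %d (%s): %s\n", fd, target, rc,
           rc < 0 ? strerror(err) : "ok", verdict_text(classify_probe(rc, err)));
    if (rc >= 0)
        close(rc);
    close(fd);
    return 0;
}

int main(int argc, char **argv)
{
    long long nr_open = read_sysctl(NR_OPEN_PATH);
    if (nr_open < 0) {
        perror(NR_OPEN_PATH);
        return 1;
    }
    printf("fs.nr_open = %lld: %s\n", nr_open,
           config_exposed(nr_open) ? "fd table can exceed INT_MAX on an unpatched kernel"
                                   : "fd table stays under INT_MAX (workaround in effect)");
    if (argc < 2 || strcmp(argv[1], "--probe") != 0)
        return 0;                                     /* read-only unless asked */
    if (read_sysctl(PANIC_ON_WARN_PATH) > 0) {
        fprintf(stderr, "kernel.panic_on_warn is set: refusing to probe, an unpatched kernel would panic\n");
        return 2;
    }
    return run_probe(nr_open);
}
```

Without --probe the program is read-only and safe anywhere; with it, the hard limit is raised to fs.nr_open (setrlimit fails with EPERM if the limit is above nr_open or the caller lacks CAP_SYS_RESOURCE), so a V_RLIMIT verdict points at the limit, not at the kernel.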

📡 Detection & Monitoring

Log Indicators:

  • WARNING: CPU: [0-9]+ PID: [0-9]+ at mm/slub.c:[0-9]+ __kvmalloc_node_noprof (recent kernels; older stable trees report mm/util.c and kvmalloc_node, and the line number differs per version, so do not pin 5027)
  • A call trace beneath the warning naming alloc_fdtable / expand_files / ksys_dup3: other kvmalloc() callers can raise the same oversize warning, and the trace is what ties a splat to this CVE

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND "WARNING" AND "kvmalloc_node" AND ("mm/slub.c" OR "mm/util.c")
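The detection logic above, implemented as an added example for this page (my own matcher, not vendor detection content): it flags any kvmalloc() oversize warning regardless of which file and line the running kernel reports, then attributes a splat to fd-table growth only when the call trace that follows names alloc_fdtable() or expand_files(). The sample log lines are constructed, including the mm/util.c line number and the example_driver frame used for the unrelated splat.

```c
/*
 * Added example: classify dmesg/kmsg lines for the kvmalloc() oversize
 * warning behind CVE-2025-39756 (my detection logic, not vendor content).
 * Assumptions: the splat's file and line differ per kernel version
 * (mm/slub.c __kvmalloc_node_noprof on recent kernels, mm/util.c
 * kvmalloc_node on older stable trees), so only "WARNING", "at mm/" and
 * "kvmalloc_node" are matched; the call trace is used to attribute a splat
 * to fd-table growth. The sample lines below are constructed.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TRACE_WINDOW 12   /* lines inspected after a WARNING for the call trace */

/* Any kvmalloc() "size > INT_MAX" warning, whichever file/line this kernel reports. */
static bool is_kvmalloc_size_warning(const char *line)
{
    return strstr(line, "WARNING:") != NULL && strstr(line, " at mm/") != NULL &&
           strstr(line, "kvmalloc_node") != NULL;
}

/* A call-trace frame that ties the warning to file-descriptor table growth. */
static bool is_fdtable_frame(const char *line)
{
    return strstr(line, "alloc_fdtable") != NULL || strstr(line, "expand_files") != NULL;
}

struct scan_result {
    int kvmalloc_warnings;   /* any caller that asked kvmalloc() for > INT_MAX bytes */
    int fdtable_events;      /* subset whose trace runs through the fd-table path */
};

/*
 * Walk the lines in order. After each kvmalloc warning, inspect up to
 * TRACE_WINDOW following lines (stopping at the next WARNING) for an
 * fd-table frame. The kernel logs this warning only once per boot
 * (WARN_ON_ONCE), so one event may stand for many attempts.
 */
static struct scan_result scan_kmsg(const char *const *lines, size_t n)
{
    struct scan_result r = { 0, 0 };
    for (size_t i = 0; i < n; i++) {
        if (!is_kvmalloc_size_warning(lines[i]))
            continue;
        r.kvmalloc_warnings++;
        for (size_t j = i + 1; j < n && j <= i + TRACE_WINDOW; j++) {
            if (strstr(lines[j], "WARNING:") != NULL)
                break;
            if (is_fdtable_frame(lines[j])) {
                r.fdtable_events++;
                break;
            }
        }
    }
    return r;
}

/* Constructed sample: one fd-table splat, one unrelated kvmalloc warning, noise. */
static const char *const SAMPLE[] = {
    "[   12.345678] systemd[1]: Started Journal Service.",
    "[  120.000001] ------------[ cut here ]------------",
    "[  120.000002] WARNING: CPU: 0 PID: 44 at mm/slub.c:5027 __kvmalloc_node_noprof+0x21a/0x288",
    "[  120.000003] Modules linked in:",
    "[  120.000004] Call Trace:",
    "[  120.000005]  <TASK>",
    "[  120.000006]  alloc_fdtable+0x6c/0x1e8",
    "[  120.000007]  expand_files+0x1a8/0x2d0",
    "[  120.000008]  ksys_dup3+0x78/0x130",
    "[  120.000009]  __x64_sys_dup2+0x70/0x100",
    "[  120.000010] ---[ end trace 0000000000000000 ]---",
    "[  300.000001] WARNING: CPU: 1 PID: 900 at mm/util.c:661 kvmalloc_node+0x12c/0x140",
    "[  300.000002] Call Trace:",
    "[  300.000003]  example_driver_ioctl+0x40/0x90 [example_driver]",
    "[  300.000004] ---[ end trace 0000000000000000 ]---",
    "[  400.000001] eth0: link becomes ready",
};

static struct scan_result scan_sample(void)
{
    return scan_kmsg(SAMPLE, sizeof(SAMPLE) / sizeof(SAMPLE[0]));
}

int main(void)
{
    struct scan_result r = scan_sample();
    printf("kvmalloc oversize warnings: %d, attributed to fd-table growth: %d\n",
           r.kvmalloc_warnings, r.fdtable_events);
    return 0;
}
```

Feed it the output of dmesg or journalctl -k line by line; the same two-stage match (broad warning, then the trace frames) is what to encode in a SIEM rule, so that an unrelated driver asking kvmalloc() for too much memory does not show up as this CVE.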
