Description
In the Linux kernel, the following vulnerability has been resolved:

block: fix resource leak in blk_register_queue() error path

When registering a queue fails after blk_mq_sysfs_register() is
successful but the function later encounters an error, we need
to clean up the blk_mq_sysfs resources.

Add the missing blk_mq_sysfs_unregister() call in the error path
to properly clean up these resources and prevent a memory leak.
Published: 2025-05-20
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Memory leak (resource exhaustion risk)
Action: Patch
AI Analysis

Impact

The vulnerability is a resource leak in the Linux kernel’s blk_register_queue() error path. When blk_mq_sysfs_register() succeeds during block queue registration but a later step fails, the sysfs resources it created are not removed, so kernel memory is consumed over time. This is a classic example of CWE-401 Unreleased Resource. The leak may allow an attacker to trigger repeated errors and eventually exhaust kernel memory, leading to a denial of service. The likely attack vector is any code path that registers block queues in the kernel, such as a custom block driver. The description itself states only that the cleanup was missing; that repeated triggering would accumulate unreleased memory until exhaustion is an inference.
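The error-path pattern described above, as an added user-space C model (not the kernel's code and not the upstream patch): a late failure after a successful registration stage leaks that stage's object unless the unwind path releases it. The names `model_register_queue`, `stage_register`, `stage_unregister` and `leaked_after` are hypothetical, and `malloc`/`free` stand in for the sysfs resources.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed user-space model: every stage allocates one object that its
 * matching unregister must free. `live` counts outstanding objects. */
static int live;

static void *stage_register(void)      { void *p = malloc(64); if (p) live++; return p; }
static void  stage_unregister(void *p) { if (p) { free(p); live--; } }

/* fail_late: inject an error after the mq-sysfs stage has already succeeded.
 * with_fix:  whether the error path undoes that stage before returning. */
static int model_register_queue(int fail_late, int with_fix)
{
    void *earlier = stage_register();   /* hypothetical earlier setup step */
    void *mq_sysfs;

    if (!earlier)
        return -1;
    mq_sysfs = stage_register();        /* stands in for blk_mq_sysfs_register() */
    if (!mq_sysfs)
        goto out_earlier;
    if (fail_late)                      /* a later step reports an error */
        goto out_mq;

    /* Success path: released here only so the model can be run repeatedly. */
    stage_unregister(mq_sysfs);
    stage_unregister(earlier);
    return 0;
out_mq:
    if (with_fix)                       /* stands in for blk_mq_sysfs_unregister() */
        stage_unregister(mq_sysfs);     /* skipped: mq_sysfs is never freed */
out_earlier:
    stage_unregister(earlier);
    return -1;
}

/* Run n failing registrations and return how many objects were never freed. */
static int leaked_after(int n, int with_fix)
{
    live = 0;
    for (int i = 0; i < n; i++)
        model_register_queue(1, with_fix);
    return live;
}

int main(void)
{
    printf("without cleanup: %d objects leaked\n", leaked_after(1000, 0));
    printf("with cleanup:    %d objects leaked\n", leaked_after(1000, 1));
    return 0;
}
```

Each failed registration in the unfixed variant strands exactly one object, which is why the leak grows only as fast as the error path can be re-entered.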

Affected Systems

All Linux kernel builds prior to the fix, notably the 6.15 release candidates 1 and 2 and any earlier releases, are affected. Updating to a kernel version that includes commit 40f2eb9b5315 resolves the issue.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate impact. The EPSS score of less than 1% suggests low probability of exploitation in the wild. The vulnerability is not listed in CISA’s KEV catalog. The error path requires the ability to invoke blk_register_queue, which normally necessitates privileged kernel code or a custom module; therefore a local attacker with elevated privileges or an existing module could exploit it. No publicly known exploit is available. Based on the description, it is inferred that a local privileged attacker could repeatedly trigger the error path to exhaust kernel memory and cause a denial of service.

Generated by OpenCVE AI on April 21, 2026 at 20:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update that includes the blk_register_queue() resource leak fix (commit 40f2eb9b5315), so that the system runs a patched Linux kernel version, such as any release after the patch.
  • If a kernel update is not immediately available, avoid loading custom block drivers that call blk_register_queue until the fix is applied, or isolate such drivers in a restricted environment to limit the potential impact.
  • Configure system monitoring to detect abnormal kernel memory usage, and set alerts that prompt administrators to apply the patch.



Advisories
Source | ID | Title
EUVD | EUVD-2025-15882 | In the Linux kernel, the following vulnerability has been resolved: block: fix resource leak in blk_register_queue() error path When registering a queue fails after blk_mq_sysfs_register() is successful but the function later encounters an error, we need to clean up the blk_mq_sysfs resources. Add the missing blk_mq_sysfs_unregister() call in the error path to properly clean up these resources and prevent a memory leak.
Ubuntu USN | USN-7594-1 | Linux kernel vulnerabilities
Ubuntu USN | USN-7594-2 | Linux kernel (Azure) vulnerabilities
Ubuntu USN | USN-7594-3 | Linux kernel vulnerabilities
Ubuntu USN | USN-8028-1 | Linux kernel vulnerabilities
Ubuntu USN | USN-8028-2 | Linux kernel (Real-time) vulnerabilities
Ubuntu USN | USN-8031-1 | Linux kernel (GCP) vulnerabilities
Ubuntu USN | USN-8028-3 | Linux kernel (Real-time) vulnerabilities
Ubuntu USN | USN-8028-4 | Linux kernel (FIPS) vulnerabilities
Ubuntu USN | USN-8028-5 | Linux kernel vulnerabilities
Ubuntu USN | USN-8031-2 | Linux kernel (GCP FIPS) vulnerabilities
Ubuntu USN | USN-8028-6 | Linux kernel (HWE) vulnerabilities
Ubuntu USN | USN-8031-3 | Linux kernel vulnerabilities
Ubuntu USN | USN-8052-1 | Linux kernel (Low Latency) vulnerabilities
Ubuntu USN | USN-8028-7 | Linux kernel (Low Latency NVIDIA) vulnerabilities
Ubuntu USN | USN-8028-8 | Linux kernel (IBM) vulnerabilities
Ubuntu USN | USN-8052-2 | Linux kernel (Xilinx) vulnerabilities
Ubuntu USN | USN-8074-1 | Linux kernel (Azure) vulnerabilities
Ubuntu USN | USN-8074-2 | Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN | USN-8126-1 | Linux kernel (Azure) vulnerabilities
History

Sat, 11 Apr 2026 13:00:00 +0000


Fri, 14 Nov 2025 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:*

Thu, 22 May 2025 02:45:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity: None
cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}
threat_severity: Low


Tue, 20 May 2025 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: block: fix resource leak in blk_register_queue() error path When registering a queue fails after blk_mq_sysfs_register() is successful but the function later encounters an error, we need to clean up the blk_mq_sysfs resources. Add the missing blk_mq_sysfs_unregister() call in the error path to properly clean up these resources and prevent a memory leak.
Title block: fix resource leak in blk_register_queue() error path
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-11T12:45:34.912Z

Reserved: 2025-04-16T04:51:23.975Z

Link: CVE-2025-37980

Vulnrichment

No data.

NVD

Status: Modified

Published: 2025-05-20T17:15:48.650

Modified: 2026-04-11T13:16:34.893

Link: CVE-2025-37980

Redhat

Severity: Low

Public Date: 2025-05-20T00:00:00Z

Links: CVE-2025-37980 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-21T20:45:25Z

Weaknesses