CVE-2025-37983

low-risk

Published 2025-05-20

In the Linux kernel, the following vulnerability has been resolved: qibfs: fix _another_ leak failure to allocate inode => leaked dentry... this one had been there since the initial merge; to be fair, if we are that far OOM, the odds of failing at that particular allocation are low...

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (2)

Linux Kernel

Debian Linux

Affected Vendors

Debian Linux

References (9)

Patch https://git.kernel.org/stable/c/24faa6ea274a2b96d0a78a0996c3137c2b2a65f0

Patch https://git.kernel.org/stable/c/3c2fde33e3e505dfd1a895d1f24bad650c655e14

Patch https://git.kernel.org/stable/c/47ab2caba495c1d6a899d284e541a8df656dcfe9

Patch https://git.kernel.org/stable/c/545defa656568c74590317cd30068f85134a8216

Patch https://git.kernel.org/stable/c/5d53e88d8370b9ab14dd830abb410d9a2671edb6

Patch https://git.kernel.org/stable/c/5e280cce3a29b7fe7b828c6ccd5aa5ba87ceb6b6

Patch https://git.kernel.org/stable/c/5fe708c5e3c8b2152c6caaa67243e431a5d6cca3

Patch https://git.kernel.org/stable/c/bdb43af4fdb39f844ede401bdb1258f67a580a27

Third Party Advisory https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 7/34 · Low