{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-37908","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:23.966Z","datePublished":"2025-05-20T15:21:41.121Z","dateUpdated":"2026-05-11T21:17:26.068Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:17:26.068Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm, slab: clean up slab->obj_exts always\n\nWhen memory allocation profiling is disabled at runtime or due to an\nerror, shutdown_mem_profiling() is called: slab->obj_exts which\npreviously allocated remains.\nIt won't be cleared by unaccount_slab() because of\nmem_alloc_profiling_enabled() not true. It's incorrect, slab->obj_exts\nshould always be cleaned up in unaccount_slab() to avoid following error:\n\n[...]BUG: Bad page state in process...\n..\n[...]page dumped because: page still charged to cgroup\n\n[andriy.shevchenko@linux.intel.com: fold need_slab_obj_ext() into its only user]"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["mm/slub.c"],"versions":[{"version":"21c690a349baab895dc68ab70d291e1598d7109d","lessThan":"dab2a13059a475b6392550f882276e170fe2fcff","status":"affected","versionType":"git"},{"version":"21c690a349baab895dc68ab70d291e1598d7109d","lessThan":"01db0e1a48345aa1937f3bdfc7c7108d03ebcf7e","status":"affected","versionType":"git"},{"version":"21c690a349baab895dc68ab70d291e1598d7109d","lessThan":"be8250786ca94952a19ce87f98ad9906448bc9ef","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["mm/slub.c"],"versions":[{"version":"6.10","status":"affected"},{"version":"0","lessThan":"6.10","status":"unaffected","versionType":"semver"},{"version":"6.12.28","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.14.6","lessThanOrEqual":"6.14.*","status":"unaffected","versionType":"semver"},{"version":"6.15","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10","versionEndExcluding":"6.12.28"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10","versionEndExcluding":"6.14.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10","versionEndExcluding":"6.15"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/dab2a13059a475b6392550f882276e170fe2fcff"},{"url":"https://git.kernel.org/stable/c/01db0e1a48345aa1937f3bdfc7c7108d03ebcf7e"},{"url":"https://git.kernel.org/stable/c/be8250786ca94952a19ce87f98ad9906448bc9ef"}],"title":"mm, slab: clean up slab->obj_exts always","x_generator":{"engine":"bippy-1.2.0"}}}}