vulnerability

Debian: CVE-2025-37909: linux, linux-6.1 -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:S/C:N/I:N/A:C)	May 20, 2025	May 28, 2025	Mar 30, 2026

Severity

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

May 20, 2025

Added

May 28, 2025

Modified

Mar 30, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

net: lan743x: Fix memleak issue when GSO enabled

Always map the `skb` to the LS descriptor. Previously skb was
mapped to EXT descriptor when the number of fragments is zero with
GSO enabled. Mapping the skb to EXT descriptor prevents it from
being freed, leading to a memory leak

Solutions

debian-upgrade-linuxdebian-upgrade-linux-6-1

References

CVE-2025-37909
https://attackerkb.com/topics/CVE-2025-37909
CWE-401
DEBIAN-DSA-5925-1
EUVD-EUVD-2025-15929
https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-15929

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report