
Cloud Vulnerability DB
A community-led vulnerabilities database
A memory leak vulnerability (CVE-2025-37807) was discovered in the Linux kernel's BPF subsystem, specifically related to percpu hashmap handling. The vulnerability was reported by Vlad Poenaru and disclosed on May 8, 2025. The issue affects various Linux distributions including Ubuntu, Debian, and Red Hat Enterprise Linux systems (NVD, Ubuntu Security).
The vulnerability stems from improper 8-byte alignment of the percpu pointer stored by htab_elem_set_ptr(). When key_size is 4, the pptr is written to a location that is 4-byte aligned but not 8-byte aligned. kmemleak scans memory in pointer-sized, pointer-aligned words, so scan_block() in mm/kmemleak.c never matches a pointer that straddles two such words; it misses the pptr during its scans and reports the percpu allocation as a false memory leak. The issue can be reproduced with the bpf selftests by enabling CONFIG_DEBUG_KMEMLEAK and modifying test_hashmap() in prog_tests/for_each.c (NVD).
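To make the mechanism concrete, the following is an added C model (not kernel code) of the element layout and of a kmemleak-style word scan: the buggy layout places the pptr directly after a 4-byte key, the fixed layout rounds the offset up to 8 bytes. The buffer size, key bytes and the pcpu_storage target are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ELEM_SIZE 32
#define KEY_SIZE  4   /* the key size that triggers the misalignment */

/* Constructed stand-in for the percpu allocation the pptr refers to. */
static int pcpu_storage[4];

/* Offset of the pptr inside the element.
 * buggy: straight after the key, so 4-byte aligned when KEY_SIZE == 4
 * fixed: rounded up to 8 bytes, as the upstream fix does */
static size_t pptr_offset(int fixed)
{
    return fixed ? ((KEY_SIZE + 7) & ~(size_t)7) : KEY_SIZE;
}

/* Mirror of htab_elem_set_ptr(): store the pointer value at the chosen
 * offset (memcpy so the host never performs an unaligned access). */
static void elem_set_ptr(unsigned char *elem, int fixed, void *pptr)
{
    uintptr_t v = (uintptr_t)pptr;
    memcpy(elem + pptr_offset(fixed), &v, sizeof v);
}

/* Model of kmemleak's scan_block(): read the block one pointer-sized,
 * pointer-aligned word at a time and report whether any word equals
 * `target`. A pointer at offset 4 straddles two words, so none match. */
static int scan_block_finds(const unsigned char *blk, size_t len, void *target)
{
    uintptr_t want = (uintptr_t)target, word;
    for (size_t off = 0; off + sizeof word <= len; off += sizeof word) {
        memcpy(&word, blk + off, sizeof word);
        if (word == want)
            return 1;
    }
    return 0;
}

/* 1 if the modelled scanner sees the pptr, 0 if it would be reported
 * as unreferenced (the false-positive leak report). */
int pptr_visible(int fixed)
{
    _Alignas(8) unsigned char elem[ELEM_SIZE] = {0};
    memcpy(elem, "key!", KEY_SIZE);          /* constructed key bytes */
    elem_set_ptr(elem, fixed, pcpu_storage);
    return scan_block_finds(elem, sizeof elem, pcpu_storage);
}
```

pptr_visible(0) models the unpatched layout and returns 0; pptr_visible(1) models the 8-byte-aligned layout and returns 1.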
The vulnerability affects multiple Linux distributions and their derivatives, with Ubuntu marking it as Medium priority across various releases including 22.04 LTS, 24.04 LTS, and 25.04. The issue impacts different kernel variants including linux-aws, linux-azure, linux-gcp, and linux-kvm (Ubuntu Security, Wiz Security).
The vulnerability has been addressed in various Linux distributions, with differing fix status. Ubuntu has marked several releases as 'Vulnerable' and is working on updates. Red Hat has assigned it a MEDIUM severity rating for versions 7, 8, and 9. Debian has implemented fixes for version 13, while versions 11 and 12 remain without fixes (Wiz Security).
Source: This report was generated using AI