Medium severity5.5NVD Advisory· Published May 20, 2025· Updated Apr 11, 2026

CVE-2025-37980

Description

In the Linux kernel, the following vulnerability has been resolved:

block: fix resource leak in blk_register_queue() error path

When registering a queue fails after blk_mq_sysfs_register() is successful but the function later encounters an error, we need to clean up the blk_mq_sysfs resources.

Add the missing blk_mq_sysfs_unregister() call in the error path to properly clean up these resources and prevent a memory leak.

Affected products

Linux/Kernel3 versions
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=3.13,<6.6.88
- cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:*

Patches

549cbbd14bbe

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv

41e43134ddda

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv

55a7bb2708f7

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv

40f2eb9b5314

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

News mentions

No linked articles in our index yet.

Severity

MediumCVSS v3.1

5.5/ 10

Attack vector: Local
Complexity: Low
Privileges: Low
User interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Probability of exploitation in the next 30 days.

0.06%

VYPR risk score

Composite of severity, exploitation, and reach.

0.29low

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000

Weaknesses

CWE-401
Missing Release of Memory after Effective Lifetime

CVE ID

CVE-2025-37980