CVE-2025-37781 in Linux
Riassunto
di VulDB • 03/07/2026
Based on the stack trace provided, here is an analysis of the issue and potential solutions.
### **Summary** The system crashed (Oops/Panic) while loading a kernel module via `finit_module` syscall (`insmod`). The crash occurred deep in the VFS/sysfs layer during initialization (`do_one_initcall`), specifically when trying to create sysfs entries or security contexts for the newly loaded module.
---
### **Key Observations from Stack Trace** 1. **Trigger**: `__se_sys_finit_module` → `load_module` → `do_init_module` → `do_one_initcall`. This confirms a kernel module is being inserted and failing during its init function. 2. **Crash Location**: The trace shows calls to: - `security_kernfs_init_security` (LSM/SELinux/AppArmor hook) - `__kernfs_new_node`, `kernfs_link_sibling`, `sysfs_add_bin_file_mode_ns` 3. **RIP/Register State**: The crash happened in user-space syscall entry (`entry_SYSCALL_64_after_hwframe`) or just after returning from kernel space, but the actual fault likely occurred inside one of the called functions above (the trace is truncated before showing the exact `Call Trace` line that points to the crashing instruction). However, the presence of `security_kernfs_init_security` suggests an **LSM (Linux Security Module)** issue.
---
### **Most Likely Causes** 1. **SELinux/AppArmor Denial or Bug**: The function `security_kernfs_init_security` is called when creating new sysfs/kernfs nodes. If the LSM policy is misconfigured, corrupted, or if there’s a bug in how the module interacts with security contexts, this can cause an oops. 2. **Module Code Bug**: The module being loaded may be: - Trying to create invalid sysfs entries (e.g., duplicate names, bad pointers). - Using deprecated or incorrect APIs for sysfs creation. 3. **Kernel-Module Version Mismatch**: If the kernel was updated but the module is from an older/newer source tree, ABI mismatches can cause crashes in VFS/sysfs layers.
---
### **Troubleshooting Steps**
#### **1. Identify the Module Being Loaded** Check `dmesg` or `/var/log/messages` for lines just before this crash to see which module was being inserted: ```bash grep -i "insmod\|finit_module" /var/log/kern.log | tail -n 20 # Or check dmesg output around timestamp [272.xxx]
dmesg --time-format iso-precise | grep -A5 -B5 "load_module" ```
#### **2. Check SELinux/AppArmor Logs** If SELinux or AppArmor is enabled, they may have logged a denial before the crash: ```bash # For SELinux ausearch -m avc -ts recent | tail -n 10 sealert -a /var/log/audit/audit.log
# For AppArmor dmesg | grep apparmor journalctl -k | grep apparmor ```
#### **3. Boot with Security Modules Disabled (Test Only)** To confirm if an LSM is causing the crash, boot temporarily without SELinux/AppArmor: - Add `selinux=0` or `apparmor=0` to kernel command line in GRUB. - Reboot and try loading the module again. ⚠️ **Warning**: This reduces security; only use for testing.
#### **4. Update/Rebuild the Module** Ensure the module is compiled against the exact running kernel headers: ```bash # Check kernel version uname -r
# Reinstall/recompile the module with matching headers sudo apt install linux-headers-$(uname -r) # Debian/Ubuntu sudo dnf install kernel-devel-$(uname -r) # RHEL/Fedora make clean && make modules_install ```
#### **5. Check for Known Kernel Bugs** Search your distribution’s bug tracker or Linux kernel mailing lists for: - `security_kernfs_init_security oops` - `sysfs_add_bin_file_mode_ns crash` - Specific kernel version + module name.
---
### **If You Can Provide More Info:** 1. Which **kernel version** are you running? (`uname -r`) 2. Which **module** was being loaded when it crashed? 3. Is this a **custom-built module** or from an official package (e.g., NVIDIA, VirtualBox, DKMS)? 4. Are SELinux
If you want to get best quality of vulnerability data, you may have to visit VulDB.