[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-39756":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":21,"duplicate_of":9,"upstream":22,"downstream":23,"duplicates":114,"related":115,"reserved_at":9,"published_at":131,"modified_at":132,"state":133,"summary":134,"references_raw":143,"kevs":200,"epss":201,"epss_history":204,"metrics":478,"affected":484},"CVE-2025-39756","In the Linux kernel, the following vulnerability has been resolved:\n\nfs: Prevent file descriptor table allocations exceeding INT_MAX\n\nWhen sysctl_nr_open is set to a very high value (for example, 1073741816\nas set by systemd), processes attempting to use file descriptors near\nthe limit can trigger massive memory allocation attempts that exceed\nINT_MAX, resulting in a WARNING in mm/slub.c:\n\n  WARNING: CPU: 0 PID: 44 at mm/slub.c:5027 __kvmalloc_node_noprof+0x21a/0x288\n\nThis happens because kvmalloc_array() and kvmalloc() check if the\nrequested size exceeds INT_MAX and emit a warning when the allocation is\nnot flagged with __GFP_NOWARN.\n\nSpecifically, when nr_open is set to 1073741816 (0x3ffffff8) and a\nprocess calls dup2(oldfd, 1073741880), the kernel attempts to allocate:\n- File descriptor array: 1073741880 * 8 bytes = 8,589,935,040 bytes\n- Multiple bitmaps: ~400MB\n- Total allocation size: > 8GB (exceeding INT_MAX = 2,147,483,647)\n\nReproducer:\n1. Set /proc/sys/fs/nr_open to 1073741816:\n   # echo 1073741816 > /proc/sys/fs/nr_open\n\n2. Run a program that uses a high file descriptor:\n   #include \u003Cunistd.h>\n   #include \u003Csys/resource.h>\n\n   int main() {\n       struct rlimit rlim = {1073741824, 1073741824};\n       setrlimit(RLIMIT_NOFILE, &rlim);\n       dup2(2, 1073741880);  // Triggers the warning\n       return 0;\n   }\n\n3. Observe WARNING in dmesg at mm/slub.c:5027\n\nsystemd commit a8b627a introduced automatic bumping of fs.nr_open to the\nmaximum possible value. The rationale was that systems with memory\ncontrol groups (memcg) no longer need separate file descriptor limits\nsince memory is properly accounted. However, this change overlooked\nthat:\n\n1. The kernel's allocation functions still enforce INT_MAX as a maximum\n   size regardless of memcg accounting\n2. Programs and tests that legitimately test file descriptor limits can\n   inadvertently trigger massive allocations\n3. The resulting allocations (>8GB) are impractical and will always fail\n\nsystemd's algorithm starts with INT_MAX and keeps halving the value\nuntil the kernel accepts it. On most systems, this results in nr_open\nbeing set to 1073741816 (0x3ffffff8), which is just under 1GB of file\ndescriptors.\n\nWhile processes rarely use file descriptors near this limit in normal\noperation, certain selftests (like\ntools/testing/selftests/core/unshare_test.c) and programs that test file\ndescriptor limits can trigger this issue.\n\nFix this by adding a check in alloc_fdtable() to ensure the requested\nallocation size does not exceed INT_MAX. This causes the operation to\nfail with -EMFILE instead of triggering a kernel warning and avoids the\nimpractical >8GB memory allocation request.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-401","Missing Release of Memory after Effective Lifetime","The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.","weakness","Draft","Variant","Medium",[],[],[],[],[24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106,108,110,112],{"_key":25},"SUSE-SU-2025:4057-1",{"_key":27},"SUSE-SU-2025:4132-1",{"_key":29},"SUSE-SU-2025:4128-1",{"_key":31},"SUSE-SU-2025:4301-1",{"_key":33},"DLA-4327-1",{"_key":35},"DLA-4328-1",{"_key":37},"DSA-6009-1",{"_key":39},"SUSE-SU-2025:21040-1",{"_key":41},"SUSE-SU-2025:21052-1",{"_key":43},"SUSE-SU-2025:21056-1",{"_key":45},"SUSE-SU-2025:21064-1",{"_key":47},"SUSE-SU-2025:21080-1",{"_key":49},"SUSE-SU-2025:21147-1",{"_key":51},"SUSE-SU-2025:21180-1",{"_key":53},"SUSE-SU-2025:4141-1",{"_key":55},"SUSE-SU-2025:4189-1",{"_key":57},"SUSE-SU-2025:4140-1",{"_key":59},"OPENSUSE-SU-2025:20091-1",{"_key":61},"DEBIAN-CVE-2025-39756",{"_key":63},"USN-7909-5",{"_key":65},"USN-7933-1",{"_key":67},"USN-7938-1",{"_key":69},"USN-8028-1",{"_key":71},"USN-8028-2",{"_key":73},"USN-8028-3",{"_key":75},"USN-8028-4",{"_key":77},"USN-8028-5",{"_key":79},"USN-8028-6",{"_key":81},"USN-8028-7",{"_key":83},"USN-8028-8",{"_key":85},"USN-8031-1",{"_key":87},"USN-8031-2",{"_key":89},"USN-8031-3",{"_key":91},"USN-8052-1",{"_key":93},"USN-8052-2",{"_key":95},"USN-8074-1",{"_key":97},"USN-8074-2",{"_key":99},"USN-8126-1",{"_key":101},"UBUNTU-CVE-2025-39756",{"_key":103},"USN-7909-1",{"_key":105},"USN-7909-2",{"_key":107},"USN-7909-3",{"_key":109},"USN-7909-4",{"_key":111},"USN-7910-1",{"_key":113},"USN-7910-2",[],[116,117,118,119,120,121,122,123,124,125,126,127,128,129,130],{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},"2025-09-11T16:52:26.136Z","2026-05-12T12:06:46.748Z","Modified",{"cisa_kev":135,"cisa_ransomware":135,"cisa_vendor":9,"epss_severity":136,"epss_score":137,"severity":138,"severity_score":139,"severity_version":140,"severity_source":141,"severity_vector":142,"severity_status":133},false,"low",0.00036,"medium",5.5,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",[144,150,154,158,162,166,170,174,178,182,188,192,196],{"url":145,"sources":146,"tags":148},"https://git.kernel.org/stable/c/b4159c5a90c03f8acd3de345a7f5fc63b0909818",[147,141],"cve.org",[149],"Patch",{"url":151,"sources":152,"tags":153},"https://git.kernel.org/stable/c/f95638a8f22eba307dceddf5aef9ae2326bbcf98",[147,141],[149],{"url":155,"sources":156,"tags":157},"https://git.kernel.org/stable/c/749528086620f8012b83ae032a80f6ffa80c45cd",[147,141],[149],{"url":159,"sources":160,"tags":161},"https://git.kernel.org/stable/c/628fc28f42d979f36dbf75a6129ac7730e30c04e",[147,141],[149],{"url":163,"sources":164,"tags":165},"https://git.kernel.org/stable/c/237e416eb62101f21b28c9e6e564d10efe1ecc6f",[147,141],[149],{"url":167,"sources":168,"tags":169},"https://git.kernel.org/stable/c/d4f9351243c17865a8cdbe6b3ccd09d0b13a7bcc",[147,141],[149],{"url":171,"sources":172,"tags":173},"https://git.kernel.org/stable/c/9f61fa6a2a89a610120bc4e5d24379c667314b5c",[147,141],[149],{"url":175,"sources":176,"tags":177},"https://git.kernel.org/stable/c/dfd1f4ea98c3bd3a03d12169b5b2daa1f0a3e4ae",[147,141],[149],{"url":179,"sources":180,"tags":181},"https://git.kernel.org/stable/c/04a2c4b4511d186b0fce685da21085a5d4acd370",[147,141],[149],{"url":183,"sources":184,"tags":185},"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",[147,141],[186,187],"Third Party Advisory","Mailing List",{"url":189,"sources":190,"tags":191},"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html",[147,141],[186,187],{"url":193,"sources":194,"tags":195},"https://cert-portal.siemens.com/productcert/html/ssa-082556.html",[147,141],[],{"url":197,"sources":198,"tags":199},"https://cert-portal.siemens.com/productcert/html/ssa-032379.html",[147,141],[],[],{"date":202,"score":137,"percentile":203},"2026-06-04",0.11171,[205,209,213,216,219,222,225,228,231,234,237,240,243,246,249,253,257,260,263,266,269,272,275,278,281,284,287,290,293,296,299,301,304,307,310,313,316,319,322,325,328,331,334,337,340,343,346,349,352,355,358,361,364,367,370,373,376,379,382,385,388,391,394,397,400,403,406,408,412,416,419,422,425,428,431,434,437,440,443,446,449,452,455,458,461,464,467,470,472,475],{"date":206,"score":207,"percentile":208},"2025-11-04",0.00082,0.2471,{"date":210,"score":211,"percentile":212},"2025-11-05",0.00068,0.21264,{"date":214,"score":211,"percentile":215},"2025-11-06",0.2127,{"date":217,"score":211,"percentile":218},"2025-11-07",0.21281,{"date":220,"score":211,"percentile":221},"2025-11-08",0.21289,{"date":223,"score":211,"percentile":224},"2025-11-09",0.21253,{"date":226,"score":211,"percentile":227},"2025-11-10",0.21196,{"date":229,"score":211,"percentile":230},"2025-11-11",0.21216,{"date":232,"score":211,"percentile":233},"2025-11-12",0.21274,{"date":235,"score":211,"percentile":236},"2025-11-13",0.21285,{"date":238,"score":211,"percentile":239},"2025-11-14",0.21271,{"date":241,"score":211,"percentile":242},"2025-11-15",0.21247,{"date":244,"score":211,"percentile":245},"2025-11-16",0.21201,{"date":247,"score":211,"percentile":248},"2025-11-17",0.21164,{"date":250,"score":251,"percentile":252},"2025-11-18",0.00049,0.1066,{"date":254,"score":255,"percentile":256},"2025-11-19",0.00071,0.17893,{"date":258,"score":255,"percentile":259},"2025-11-20",0.17867,{"date":261,"score":255,"percentile":262},"2025-11-21",0.21984,{"date":264,"score":255,"percentile":265},"2025-11-22",0.21982,{"date":267,"score":255,"percentile":268},"2025-11-23",0.21945,{"date":270,"score":255,"percentile":271},"2025-11-24",0.21916,{"date":273,"score":255,"percentile":274},"2025-11-25",0.219,{"date":276,"score":255,"percentile":277},"2025-11-26",0.21888,{"date":279,"score":255,"percentile":280},"2025-11-27",0.21844,{"date":282,"score":255,"percentile":283},"2025-11-28",0.2182,{"date":285,"score":255,"percentile":286},"2025-11-29",0.21808,{"date":288,"score":255,"percentile":289},"2025-11-30",0.21798,{"date":291,"score":255,"percentile":292},"2025-12-01",0.21848,{"date":294,"score":255,"percentile":295},"2025-12-02",0.21867,{"date":297,"score":255,"percentile":298},"2025-12-03",0.21877,{"date":300,"score":255,"percentile":283},"2025-12-04",{"date":302,"score":255,"percentile":303},"2025-12-05",0.21861,{"date":305,"score":255,"percentile":306},"2025-12-06",0.21859,{"date":308,"score":255,"percentile":309},"2025-12-07",0.21823,{"date":311,"score":255,"percentile":312},"2025-12-08",0.21836,{"date":314,"score":255,"percentile":315},"2025-12-09",0.21887,{"date":317,"score":255,"percentile":318},"2025-12-10",0.21964,{"date":320,"score":255,"percentile":321},"2025-12-11",0.22005,{"date":323,"score":255,"percentile":324},"2025-12-12",0.22017,{"date":326,"score":255,"percentile":327},"2025-12-13",0.22024,{"date":329,"score":255,"percentile":330},"2025-12-14",0.21994,{"date":332,"score":255,"percentile":333},"2025-12-15",0.21971,{"date":335,"score":255,"percentile":336},"2025-12-16",0.22002,{"date":338,"score":255,"percentile":339},"2025-12-17",0.22074,{"date":341,"score":255,"percentile":342},"2025-12-18",0.2216,{"date":344,"score":255,"percentile":345},"2025-12-19",0.22185,{"date":347,"score":255,"percentile":348},"2025-12-20",0.22156,{"date":350,"score":255,"percentile":351},"2025-12-21",0.22101,{"date":353,"score":255,"percentile":354},"2025-12-22",0.22069,{"date":356,"score":255,"percentile":357},"2025-12-23",0.22066,{"date":359,"score":255,"percentile":360},"2025-12-24",0.22084,{"date":362,"score":255,"percentile":363},"2025-12-25",0.22166,{"date":365,"score":255,"percentile":366},"2025-12-26",0.22151,{"date":368,"score":255,"percentile":369},"2025-12-27",0.22162,{"date":371,"score":255,"percentile":372},"2025-12-28",0.22116,{"date":374,"score":255,"percentile":375},"2025-12-29",0.22082,{"date":377,"score":255,"percentile":378},"2025-12-30",0.22063,{"date":380,"score":255,"percentile":381},"2025-12-31",0.22119,{"date":383,"score":255,"percentile":384},"2026-01-01",0.22214,{"date":386,"score":255,"percentile":387},"2026-01-02",0.2221,{"date":389,"score":255,"percentile":390},"2026-01-03",0.22194,{"date":392,"score":255,"percentile":393},"2026-01-04",0.22094,{"date":395,"score":255,"percentile":396},"2026-01-05",0.22088,{"date":398,"score":255,"percentile":399},"2026-01-06",0.22102,{"date":401,"score":255,"percentile":402},"2026-01-07",0.22141,{"date":404,"score":255,"percentile":405},"2026-01-08",0.22195,{"date":407,"score":255,"percentile":345},"2026-01-09",{"date":409,"score":410,"percentile":411},"2026-01-10",0.0003,0.08098,{"date":413,"score":414,"percentile":415},"2026-01-11",0.00038,0.11355,{"date":417,"score":414,"percentile":418},"2026-01-12",0.11327,{"date":420,"score":414,"percentile":421},"2026-01-13",0.11303,{"date":423,"score":414,"percentile":424},"2026-01-14",0.11357,{"date":426,"score":414,"percentile":427},"2026-01-15",0.11362,{"date":429,"score":414,"percentile":430},"2026-01-16",0.11404,{"date":432,"score":414,"percentile":433},"2026-01-17",0.11413,{"date":435,"score":414,"percentile":436},"2026-01-18",0.11364,{"date":438,"score":414,"percentile":439},"2026-01-19",0.11298,{"date":441,"score":414,"percentile":442},"2026-01-20",0.1128,{"date":444,"score":414,"percentile":445},"2026-01-21",0.11256,{"date":447,"score":414,"percentile":448},"2026-01-22",0.11248,{"date":450,"score":414,"percentile":451},"2026-01-23",0.11336,{"date":453,"score":414,"percentile":454},"2026-01-24",0.114,{"date":456,"score":414,"percentile":457},"2026-01-25",0.11356,{"date":459,"score":414,"percentile":460},"2026-01-26",0.11295,{"date":462,"score":414,"percentile":463},"2026-01-27",0.11279,{"date":465,"score":414,"percentile":466},"2026-01-28",0.1127,{"date":468,"score":414,"percentile":469},"2026-01-29",0.11246,{"date":471,"score":414,"percentile":466},"2026-01-30",{"date":473,"score":414,"percentile":474},"2026-01-31",0.11281,{"date":476,"score":414,"percentile":477},"2026-02-01",0.11277,[479],{"source":141,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":480,"cvss_v4_0":9},{"baseScore":139,"baseSeverity":481,"vectorString":142,"impactScore":482,"exploitabilityScore":483},"MEDIUM",6,4.6,[485,494,532],{"ecosystem":9,"name":486,"vendor":487,"product":488,"cpe_part":489,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":490},"debian linux","debian","debian_linux","o",[491],{"version":492,"is_range":135,"range_type":493,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0","cpe",{"ecosystem":9,"name":495,"vendor":496,"product":496,"cpe_part":497,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":498},"Linux","linux","a",[499,506,509,512,515,518,521,524,527,530],{"version":500,"is_range":501,"range_type":147,"version_start":502,"version_start_type":503,"version_end":504,"version_end_type":505,"fixed_in":9},">= 9cfe015aa424b3c003baba3841a60dd9b5ad319b, \u003C b4159c5a90c03f8acd3de345a7f5fc63b0909818",true,"9cfe015aa424b3c003baba3841a60dd9b5ad319b","including","b4159c5a90c03f8acd3de345a7f5fc63b0909818","excluding",{"version":507,"is_range":501,"range_type":147,"version_start":502,"version_start_type":503,"version_end":508,"version_end_type":505,"fixed_in":9},">= 9cfe015aa424b3c003baba3841a60dd9b5ad319b, \u003C f95638a8f22eba307dceddf5aef9ae2326bbcf98","f95638a8f22eba307dceddf5aef9ae2326bbcf98",{"version":510,"is_range":501,"range_type":147,"version_start":502,"version_start_type":503,"version_end":511,"version_end_type":505,"fixed_in":9},">= 9cfe015aa424b3c003baba3841a60dd9b5ad319b, \u003C 749528086620f8012b83ae032a80f6ffa80c45cd","749528086620f8012b83ae032a80f6ffa80c45cd",{"version":513,"is_range":501,"range_type":147,"version_start":502,"version_start_type":503,"version_end":514,"version_end_type":505,"fixed_in":9},">= 9cfe015aa424b3c003baba3841a60dd9b5ad319b, \u003C 628fc28f42d979f36dbf75a6129ac7730e30c04e","628fc28f42d979f36dbf75a6129ac7730e30c04e",{"version":516,"is_range":501,"range_type":147,"version_start":502,"version_start_type":503,"version_end":517,"version_end_type":505,"fixed_in":9},">= 9cfe015aa424b3c003baba3841a60dd9b5ad319b, \u003C 237e416eb62101f21b28c9e6e564d10efe1ecc6f","237e416eb62101f21b28c9e6e564d10efe1ecc6f",{"version":519,"is_range":501,"range_type":147,"version_start":502,"version_start_type":503,"version_end":520,"version_end_type":505,"fixed_in":9},">= 9cfe015aa424b3c003baba3841a60dd9b5ad319b, \u003C d4f9351243c17865a8cdbe6b3ccd09d0b13a7bcc","d4f9351243c17865a8cdbe6b3ccd09d0b13a7bcc",{"version":522,"is_range":501,"range_type":147,"version_start":502,"version_start_type":503,"version_end":523,"version_end_type":505,"fixed_in":9},">= 9cfe015aa424b3c003baba3841a60dd9b5ad319b, \u003C 9f61fa6a2a89a610120bc4e5d24379c667314b5c","9f61fa6a2a89a610120bc4e5d24379c667314b5c",{"version":525,"is_range":501,"range_type":147,"version_start":502,"version_start_type":503,"version_end":526,"version_end_type":505,"fixed_in":9},">= 9cfe015aa424b3c003baba3841a60dd9b5ad319b, \u003C dfd1f4ea98c3bd3a03d12169b5b2daa1f0a3e4ae","dfd1f4ea98c3bd3a03d12169b5b2daa1f0a3e4ae",{"version":528,"is_range":501,"range_type":147,"version_start":502,"version_start_type":503,"version_end":529,"version_end_type":505,"fixed_in":9},">= 9cfe015aa424b3c003baba3841a60dd9b5ad319b, \u003C 04a2c4b4511d186b0fce685da21085a5d4acd370","04a2c4b4511d186b0fce685da21085a5d4acd370",{"version":531,"is_range":135,"range_type":147,"version_start":531,"version_start_type":503,"version_end":531,"version_end_type":503,"fixed_in":9},"2.6.25",{"ecosystem":9,"name":533,"vendor":496,"product":534,"cpe_part":489,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":535},"linux kernel","linux_kernel",[536,539,543,547,551,555,559,563],{"version":537,"is_range":501,"range_type":493,"version_start":531,"version_start_type":503,"version_end":538,"version_end_type":505,"fixed_in":9},"gte2.6.25_lt5.4.297","5.4.297",{"version":540,"is_range":501,"range_type":493,"version_start":541,"version_start_type":503,"version_end":542,"version_end_type":505,"fixed_in":9},"gte5.5_lt5.10.241","5.5","5.10.241",{"version":544,"is_range":501,"range_type":493,"version_start":545,"version_start_type":503,"version_end":546,"version_end_type":505,"fixed_in":9},"gte5.11_lt5.15.190","5.11","5.15.190",{"version":548,"is_range":501,"range_type":493,"version_start":549,"version_start_type":503,"version_end":550,"version_end_type":505,"fixed_in":9},"gte5.16_lt6.1.149","5.16","6.1.149",{"version":552,"is_range":501,"range_type":493,"version_start":553,"version_start_type":503,"version_end":554,"version_end_type":505,"fixed_in":9},"gte6.2_lt6.6.103","6.2","6.6.103",{"version":556,"is_range":501,"range_type":493,"version_start":557,"version_start_type":503,"version_end":558,"version_end_type":505,"fixed_in":9},"gte6.7_lt6.12.43","6.7","6.12.43",{"version":560,"is_range":501,"range_type":493,"version_start":561,"version_start_type":503,"version_end":562,"version_end_type":505,"fixed_in":9},"gte6.13_lt6.15.11","6.13","6.15.11",{"version":564,"is_range":501,"range_type":493,"version_start":565,"version_start_type":503,"version_end":566,"version_end_type":505,"fixed_in":9},"gte6.16_lt6.16.2","6.16","6.16.2"]