IM
IronMonkey Threat Research

CVE-2025-22005 MEDIUM

Published: 2025-04-03 | Last Modified: 2026-07-14 | Status: Modified

Description

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). fib_check_nh_v6_gw() expects that fib6_nh_init() cleans up everything when it fails. Commit 7dd73168e273 ("ipv6: Always allocate pcpu memory in a fib6_nh") moved fib_nh_common_init() before alloc_percpu_gfp() within fib6_nh_init() but forgot to add cleanup for fib6_nh->nh_common.nhc_pcpu_rth_output in case it fails to allocate fib6_nh->rt6i_pcpu, resulting in memleak. Let's call fib_nh_common_release() and clear nhc_pcpu_rth_output in the error path. Note that we can remove the fib6_nh_release() call in nh_create_ipv6() later in net-next.git.

Additional Descriptions (1)

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ipv6: Se corrigió la fuga de memoria de nhc_pcpu_rth_output en fib_check_nh_v6_gw(). fib_check_nh_v6_gw() espera que fib6_nh_init() limpie todo cuando falla. El commit 7dd73168e273 ("ipv6: Asignar siempre memoria pcpu en un fib6_nh") movió fib_nh_common_init() antes de alloc_percpu_gfp() dentro de fib6_nh_init(), pero olvidó añadir la limpieza para fib6_nh->nh_common.nhc_pcpu_rth_output en caso de que no se asigne fib6_nh->rt6i_pcpu, lo que resulta en una fuga de memoria. Invoquemos fib_nh_common_release() y borremos nhc_pcpu_rth_output en la ruta de error. Tenga en cuenta que podemos eliminar la llamada a fib6_nh_release() en nh_create_ipv6() más adelante en net-next.git.

CVSS Metrics

Base Score: 5.5 (MEDIUM)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack VectorLOCAL
Attack ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 3.6

Weaknesses

Source Type Description
[email protected] Primary
en CWE-401
134c704f-9b21-4f2e-91b3-4a467353bcc0 Secondary
en CWE-401

Affected Products

Vendor Product Version Update Type
linux linux_kernel * <built-in method update of dict object at 0x702b8344e040> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bdcc59a80> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bdcc5b600> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bdd8919c0> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702b8344d780> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bfc1dc100> Operating System
linux linux_kernel 6.14 <built-in method update of dict object at 0x702bdc51a3c0> Operating System
linux linux_kernel 6.14 <built-in method update of dict object at 0x702bfc337900> Operating System
linux linux_kernel 6.14 <built-in method update of dict object at 0x702bfc335e00> Operating System
linux linux_kernel 6.14 <built-in method update of dict object at 0x702b8344d300> Operating System
linux linux_kernel 6.14 <built-in method update of dict object at 0x702bfc1de200> Operating System
linux linux_kernel 6.14 <built-in method update of dict object at 0x702bfc337100> Operating System
linux linux_kernel 6.14 <built-in method update of dict object at 0x702b8344e240> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.14:rc5:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.14:rc6:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.14:rc7:*:*:*:*:*:*

References

Notification
Message here