CVE-2025-22059

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the Linux kernel's UDP implementation, where multiple wraparounds of sk->sk rmem alloc can occur. This happens when sk->sk rcvbuf is set to a large value, such as INT MAX, and the size of incoming packets is added to sk->sk rmem alloc unconditionally, resulting in integer overflow. This allows a single socket to have packets up to net.core.udp mem[1]. The problem was introduced by a commit that removed a boundary check for INT MAX. A fix would involve capping the right operand by INT MAX or defining rmem and rcvbuf as unsigned integers and checking skb->truesize only when rcvbuf is large enough.

Recommendations To resolve the issue, consider updating the Linux kernel to a version that includes the fix for the udp: Fix multiple wraparounds of sk->sk rmem alloc vulnerability. As a temporary workaround, restrict the use of large sk->sk rcvbuf values and monitor socket memory allocation to minimize the risk of exploitation. Additionally, consider disabling or limiting the use of UDP sockets with large receive buffers until a patch is available.