PT-2025-27684 · Linux+6 · Linux Kernel+6

Published

2025-04-09

·

Updated

2026-05-26

·

CVE-2025-38097

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A reference leak issue has been identified in the Linux kernel, specifically in the espintcp component. The current caching scheme for the encap socket can lead to reference leaks when attempting to delete the netns. This occurs due to the reference chain: xfrm state -> enacp sk -> netns. The issue arises when the espintcp state is deleted before removing the netns, causing the reference on the socket to be dropped, and potentially preventing the netns from being deleted. The patch to resolve this issue results in a small performance regression of approximately 2%.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Leak

Weakness Enumeration

CWE-401

Related Identifiers

AZL-72584
BDU:2025-09031
CVE-2025-38097
DLA-4328-1
DSA-5973-1
ECHO-33F8-2202-38DC
OESA-2025-2120
OESA-2025-2121
OESA-2025-2122
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:02996-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:20577-1
SUSE-SU-2025:20586-1
SUSE-SU-2025:20601-1
SUSE-SU-2025:20602-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
SUSE-SU-2025_02996-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
SUSE-SU-2025_03023-1
USN-7769-1
USN-7769-2
USN-7769-3
USN-7770-1
USN-7771-1
USN-7789-1
USN-7789-2
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu