CVE-2025-39847

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A memory leak exists in the pad compress skb function within the PPP (Point-to-Point Protocol) component of the Linux kernel. If the alloc skb function fails during the compression process, the function returns NULL without releasing the original socket buffer (skb), leading to a memory leak. The issue occurs because the reference to the original skb is lost when pad compress skb() fails, and the subsequent kfree skb(skb) call has no effect.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

AZL-67553

AZL-74841

BDU:2025-13880

CVE-2025-39847

DLA-4327-1

DLA-4328-1

DSA-6008-1

DSA-6009-1

ECHO-D1A6-4977-612D

INFESA-2025_0006

OESA-2025-2633

OESA-2025-2634

OESA-2025-2635

OPENSUSE-SU-2025:20081-1

SUSE-SU-2025:03600-1

SUSE-SU-2025:03614-1

SUSE-SU-2025:03634-1

SUSE-SU-2025:20851-1

SUSE-SU-2025:20861-1

SUSE-SU-2025:20870-1

SUSE-SU-2025:20898-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

SUSE-SU-2025:3751-1

SUSE-SU-2025:4057-1

SUSE-SU-2025:4132-1

SUSE-SU-2025:4141-1

USN-7909-1

USN-7909-2

USN-7909-3

USN-7909-4

USN-7909-5

USN-7910-1

USN-7910-2

USN-7933-1

USN-7938-1

USN-8095-1

USN-8095-2

USN-8095-3

USN-8095-4

USN-8095-5

USN-8100-1

USN-8125-1

USN-8126-1

USN-8165-1

USN-8261-1

Affected Products

Debian

Linuxmint

Linux Kernel

Suse

Ubuntu

CVE-2025-39847

Weakness Enumeration

Related Identifiers

Affected Products

References · 3809