PT-2025-40087 · Linux +1 · Linux Kernel +1

Syzbot · Published 2025-01-01 · Updated 2025-12-25 · CVE-2025-39913

CVSS v3.1: 7.8
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel contained a flaw in the tcp_bpf subsystem where sk_msg_free() was not called when tcp_bpf_send_verdict() failed to allocate memory for psock->cork. This could lead to memory allocation issues and potential system instability. The issue was identified through automated testing using syzbot, which reported a warning during a test execution involving a socket message program and fault injection. The root cause was a failure to revert a socket allocation change when the allocation of psock->cork failed, resulting in a potential memory leak and incorrect data handling during subsequent send operations.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Allocation of Resources Without Limits

Related Identifiers

BDU:2025-12987
CVE-2025-39913
DLA-4328-1
DLA-4404-1
ECHO-193D-43F8-5815

Affected Products

Debian
Linux Kernel