PT-2025-40087 · Linux+3 · Linux Kernel+3

Syzbot

·

Published

2025-01-01

·

Updated

2026-05-07

·

CVE-2025-39913

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel contained a flaw in the tcp bpf subsystem where sk msg free() was not called when tcp bpf send verdict() failed to allocate memory for psock->cork. This could lead to memory allocation issues and potential system instability. The issue was identified through automated testing using syzbot, which reported a warning during a test execution involving a socket message program and fault injection. The root cause was a failure to revert a socket allocation change when the allocation of psock->cork failed, resulting in a potential memory leak and incorrect data handling during subsequent send operations.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Allocation of Resources Without Limits

Weakness Enumeration

CWE-770

Related Identifiers

AZL-68049
AZL-74757
BDU:2025-12987
CVE-2025-39913
DLA-4328-1
DLA-4404-1
ECHO-193D-43F8-5815
MGASA-2025-0309
MGASA-2025-0310
OESA-2026-1337
OESA-2026-1338
OESA-2026-1339
OESA-2026-1341
OPENSUSE-SU-2026:20287-1
SUSE-SU-2026:0447-1
SUSE-SU-2026:0471-1
SUSE-SU-2026:0472-1
SUSE-SU-2026:0473-1
SUSE-SU-2026:0587-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20555-1
SUSE-SU-2026:20599-1
SUSE-SU-2026:20615-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
USN-8033-1
USN-8033-2
USN-8033-3
USN-8033-4
USN-8033-5
USN-8033-6
USN-8033-7
USN-8033-8
USN-8034-1
USN-8034-2
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8141-1
USN-8163-1
USN-8163-2
USN-8165-1
USN-8243-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Ubuntu