PT-2025-8904 · Linux+7 · Linux Kernel+7
Published: 2025-02-03 · Updated: 2026-05-26 · CVE-2025-21792
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to the version containing the fix for the refcount leak in ax25_release()
Description
A refcount leak occurs in the Linux kernel when an AX25 device is bound to a socket by setting the SO_BINDTODEVICE socket option. This happens because the refcounts are not incremented when the device is bound using this method, unlike when using ax25_bind(). The issue leads to a memory leak warning reported by Syzkaller. The problem arises from the incorrect implementation of ax25_setsockopt(), which fails to increment refcounts for the new device bound and decrement refcounts for the old unbound device.
Recommendations
For Linux kernel versions prior to the fixed version, apply the patch that fixes the implementation of ax25_setsockopt() by adding the necessary increment and decrement of refcounts for the bound and unbound devices.
As a temporary workaround, consider avoiding the use of the SO_BINDTODEVICE socket option to bind AX25 devices to sockets until the issue is resolved.
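The imbalance described above, and the balanced form the recommended patch restores, can be seen in a small user-space model. This is an added example, not kernel code or the actual patch: every toy_* name, the device names and the starting count of 1 per device are assumptions made for illustration.

```c
#include <stdio.h>

/* Simplified user-space model; every toy_* name is hypothetical, not kernel code. */
struct toy_dev  { const char *name; int refcnt; };
struct toy_sock { struct toy_dev *dev; };
typedef void (*bindopt_fn)(struct toy_sock *, struct toy_dev *);

static void toy_hold(struct toy_dev *d) { if (d) d->refcnt++; }
static void toy_put(struct toy_dev *d)  { if (d) d->refcnt--; }

/* bind() path: takes a reference on the device it attaches. */
static void toy_bind(struct toy_sock *s, struct toy_dev *d)
{ toy_hold(d); s->dev = d; }

/* Flawed SO_BINDTODEVICE path: swaps the pointer, adjusts no refcount. */
static void toy_bindtodevice_flawed(struct toy_sock *s, struct toy_dev *d)
{ s->dev = d; }

/* Corrected path: reference the new device, drop the old one. */
static void toy_bindtodevice_fixed(struct toy_sock *s, struct toy_dev *d)
{ toy_hold(d); toy_put(s->dev); s->dev = d; }

/* release() path: drops the reference it assumes the bind step took. */
static void toy_release(struct toy_sock *s)
{ toy_put(s->dev); s->dev = NULL; }

/* bind() to A, rebind to B via the option, then release the socket.
 * Each device starts at 1 (its owner's reference); a balanced run ends 1/1. */
static void toy_scenario(bindopt_fn bindopt, int *refs_a, int *refs_b)
{
    struct toy_dev a = { "ax0", 1 }, b = { "ax1", 1 };
    struct toy_sock s = { 0 };

    toy_bind(&s, &a);
    bindopt(&s, &b);
    toy_release(&s);
    *refs_a = a.refcnt;
    *refs_b = b.refcnt;
}

int main(void)
{
    int a, b;
    toy_scenario(toy_bindtodevice_flawed, &a, &b);
    printf("flawed: ax0=%d ax1=%d\n", a, b);
    toy_scenario(toy_bindtodevice_fixed, &a, &b);
    printf("fixed:  ax0=%d ax1=%d\n", a, b);
    return 0;
}
```

In the flawed run the old device keeps a reference nobody will drop, while the new device loses a reference that was never taken; the fixed run returns both counts to their starting value.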
Exploit
Fix
Memory Leak
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu