CVE-2025-71097

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A reference count leak exists in the IPv4 implementation when using error routes with nexthop objects. Specifically, when a nexthop object is deleted, error routes do not get flushed, leading to a reference count leak on the nexthop object and its associated device. This occurs because the flushing of error routes in fib table flush() is only performed during network namespace dismantling, not when the nexthop object is deleted directly. The issue does not affect IPv6. An example scenario involves adding a dummy network interface, a nexthop, and both regular and blackhole routes using the nexthop. Deleting the nexthop leaves the blackhole route holding a reference, preventing the device from being freed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2025-71097

ECHO-C17B-B858-6443

MGASA-2026-0017

MGASA-2026-0018

OESA-2026-1566

OESA-2026-1567

OESA-2026-1570

OPENSUSE-SU-2026:20287-1

SUSE-SU-2026:0447-1

SUSE-SU-2026:0472-1

SUSE-SU-2026:0587-1

SUSE-SU-2026:20477-1

SUSE-SU-2026:20498-1

SUSE-SU-2026:20555-1

SUSE-SU-2026:20599-1

SUSE-SU-2026:20615-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

USN-8096-1

USN-8096-2

USN-8096-3

USN-8096-4

USN-8096-5

USN-8116-1

USN-8141-1

USN-8163-1

USN-8163-2

USN-8177-1

USN-8177-2

USN-8179-1

USN-8179-2

USN-8179-3

USN-8179-4

USN-8183-1

USN-8183-2

USN-8184-1

USN-8185-1

USN-8185-2

USN-8203-1

USN-8204-1

USN-8243-1

USN-8245-1

USN-8257-1

USN-8258-1

USN-8260-1

USN-8261-1

USN-8265-1

Affected Products

Linuxmint

Linux Kernel

Ubuntu

CVE-2025-71097

Related Identifiers

Affected Products

References · 2513