CVE-2025-22005

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). fib_check_nh_v6_gw() expects that fib6_nh_init() cleans up everything when it fails. Commit 7dd73168e273 ("ipv6: Always allocate pcpu memory in a fib6_nh") moved fib_nh_common_init() before alloc_percpu_gfp() within fib6_nh_init() but forgot to add cleanup for fib6_nh->nh_common.nhc_pcpu_rth_output in case it fails to allocate fib6_nh->rt6i_pcpu, resulting in memleak. Let's call fib_nh_common_release() and clear nhc_pcpu_rth_output in the error path. Note that we can remove the fib6_nh_release() call in nh_create_ipv6() later in net-next.git.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/119dcafe36795a15ae53351cbbd6177aaf94ffef	Patch
https://git.kernel.org/stable/c/16267a5036173d0173377545b4b6021b081d0933	Patch
https://git.kernel.org/stable/c/1bd12dfc058e1e68759d313d7727d68dbc1b8964	Patch
https://git.kernel.org/stable/c/29d91820184d5cbc70f3246d4911d96eaeb930d6	Patch
https://git.kernel.org/stable/c/596a883c4ce2d2e9c175f25b98fed3a1f33fea38	Patch
https://git.kernel.org/stable/c/77c41cdbe6bce476e08d3251c0d501feaf10a9f3	Patch
https://git.kernel.org/stable/c/9740890ee20e01f99ff1dde84c63dcf089fabb98	Patch
https://git.kernel.org/stable/c/d3d5b4b5ae263c3225db363ba08b937e2e2b0380	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc7::::::

History

10 Apr 2025, 16:09

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/119dcafe36795a15ae53351cbbd6177aaf94ffef -~~	() https://git.kernel.org/stable/c/119dcafe36795a15ae53351cbbd6177aaf94ffef - Patch
References	~~() https://git.kernel.org/stable/c/16267a5036173d0173377545b4b6021b081d0933 -~~	() https://git.kernel.org/stable/c/16267a5036173d0173377545b4b6021b081d0933 - Patch
References	~~() https://git.kernel.org/stable/c/1bd12dfc058e1e68759d313d7727d68dbc1b8964 -~~	() https://git.kernel.org/stable/c/1bd12dfc058e1e68759d313d7727d68dbc1b8964 - Patch
References	~~() https://git.kernel.org/stable/c/29d91820184d5cbc70f3246d4911d96eaeb930d6 -~~	() https://git.kernel.org/stable/c/29d91820184d5cbc70f3246d4911d96eaeb930d6 - Patch
References	~~() https://git.kernel.org/stable/c/596a883c4ce2d2e9c175f25b98fed3a1f33fea38 -~~	() https://git.kernel.org/stable/c/596a883c4ce2d2e9c175f25b98fed3a1f33fea38 - Patch
References	~~() https://git.kernel.org/stable/c/77c41cdbe6bce476e08d3251c0d501feaf10a9f3 -~~	() https://git.kernel.org/stable/c/77c41cdbe6bce476e08d3251c0d501feaf10a9f3 - Patch
References	~~() https://git.kernel.org/stable/c/9740890ee20e01f99ff1dde84c63dcf089fabb98 -~~	() https://git.kernel.org/stable/c/9740890ee20e01f99ff1dde84c63dcf089fabb98 - Patch
References	~~() https://git.kernel.org/stable/c/d3d5b4b5ae263c3225db363ba08b937e2e2b0380 -~~	() https://git.kernel.org/stable/c/d3d5b4b5ae263c3225db363ba08b937e2e2b0380 - Patch
First Time		Linux linux Kernel Linux
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel:6.14:rc7:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc5:::::: cpe:2.3:o:linux:linux_kernel::::::::
CWE		CWE-401

10 Apr 2025, 13:15

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/16267a5036173d0173377545b4b6021b081d0933 - () https://git.kernel.org/stable/c/1bd12dfc058e1e68759d313d7727d68dbc1b8964 - () https://git.kernel.org/stable/c/596a883c4ce2d2e9c175f25b98fed3a1f33fea38 -

07 Apr 2025, 14:18

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ipv6: Se corrigió la fuga de memoria de nhc_pcpu_rth_output en fib_check_nh_v6_gw(). fib_check_nh_v6_gw() espera que fib6_nh_init() limpie todo cuando falla. El commit 7dd73168e273 ("ipv6: Asignar siempre memoria pcpu en un fib6_nh") movió fib_nh_common_init() antes de alloc_percpu_gfp() dentro de fib6_nh_init(), pero olvidó añadir la limpieza para fib6_nh->nh_common.nhc_pcpu_rth_output en caso de que no se asigne fib6_nh->rt6i_pcpu, lo que resulta en una fuga de memoria. Invoquemos fib_nh_common_release() y borremos nhc_pcpu_rth_output en la ruta de error. Tenga en cuenta que podemos eliminar la llamada a fib6_nh_release() en nh_create_ipv6() más adelante en net-next.git.

03 Apr 2025, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-03 08:15

Updated : 2025-04-10 16:09

NVD link : CVE-2025-22005

Mitre link : CVE-2025-22005

CVE.ORG link : CVE-2025-22005

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

5.5 /10