CVE-2025-37955
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 20/05/2025
Last modified: 14/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

virtio-net: free xsk_buffs on error in virtnet_xsk_pool_enable()

The selftests added to our CI by Bui Quang Minh recently reveal
that there is a mem leak on the error path of virtnet_xsk_pool_enable():

    unreferenced object 0xffff88800a68a000 (size 2048):
      comm "xdp_helper", pid 318, jiffies 4294692778
      hex dump (first 32 bytes):
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
      backtrace (crc 0):
        __kvmalloc_node_noprof+0x402/0x570
        virtnet_xsk_pool_enable+0x293/0x6a0 (drivers/net/virtio_net.c:5882)
        xp_assign_dev+0x369/0x670 (net/xdp/xsk_buff_pool.c:226)
        xsk_bind+0x6a5/0x1ae0
        __sys_bind+0x15e/0x230
        __x64_sys_bind+0x72/0xb0
        do_syscall_64+0xc1/0x1d0
        entry_SYSCALL_64_after_hwframe+0x77/0x7f
Impact
Base Score 3.x: 5.50
Severity 3.x: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.11 (including) | 6.12.29 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.14.7 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.15:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.15:rc4:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.15:rc5:*:*:*:*:*:* | | |