CVE-2025-38097

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 03/07/2025
Last modified: 03/07/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

espintcp: remove encap socket caching to avoid reference leak

The current scheme for caching the encap socket can lead to reference leaks when we try to delete the netns.

The reference chain is: xfrm_state -> encap_sk -> netns

Since the encap socket is a userspace socket, it holds a reference on the netns. If we delete the espintcp state (through flush or individual delete) before removing the netns, the reference on the socket is dropped and the netns is correctly deleted. Otherwise, the netns may not be reachable anymore (if all processes within the ns have terminated), so we cannot delete the xfrm state to drop its reference on the socket.

This patch results in a small (~2% in my tests) performance regression.

A GC-type mechanism could be added for the socket cache, to clear references if the state hasn't been used "recently", but it's a lot more complex than just not caching the socket.

Impact