Instituto Nacional de Ciberseguridad. INCIBE-CERT section

CVE-2025-40183

Severity:
Pending analysis
Type:
Not Available / Other type
Publication date:
12/11/2025
Last modified:
12/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6}

Cilium has a BPF egress gateway feature which forces outgoing K8s Pod traffic to pass through dedicated egress gateways which then SNAT the traffic in order to interact with stable IPs outside the cluster.

The traffic is directed to the gateway via vxlan tunnel in collect md mode. A recent BPF change utilized the bpf_redirect_neigh() helper to forward packets after the arrival and decap on vxlan, which turned out over time that the kmalloc-256 slab usage in kernel was ever-increasing.

The issue was that vxlan allocates the metadata_dst object and attaches it through a fake dst entry to the skb. The latter was never released though given bpf_redirect_neigh() was merely setting the new dst entry via skb_dst_set() without dropping an existing one first.
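The leak described above, as an added example that is not part of the advisory or of the kernel source: a user-space C model that counts the objects left unreleased when a setter overwrites an attached dst entry, compared with dropping the existing entry first. Every `*_model` name is a hypothetical stand-in, and the dst installed by the redirect is simplified to a freshly allocated object.

```c
/* User-space model only: every name is a hypothetical stand-in, not a kernel API. */
#include <stdio.h>
#include <stdlib.h>
#define POOL 4096
struct model_dst { int refcnt; };            /* metadata_dst reached via its dst entry */
struct model_skb { struct model_dst *dst; }; /* the skb's dst slot */
static struct model_dst pool[POOL];          /* arena, so the model leaks no real memory */
static int next_slot, live_dsts;             /* live_dsts: allocated and not yet released */
static struct model_dst *dst_alloc_model(void)
{
    if (next_slot >= POOL) abort();
    struct model_dst *d = &pool[next_slot++];
    d->refcnt = 1;
    live_dsts++;
    return d;
}

/* Release whatever the skb references and clear the slot. */
static void skb_dst_drop_model(struct model_skb *skb)
{
    if (skb->dst && --skb->dst->refcnt == 0)
        live_dsts--;
    skb->dst = NULL;
}

/* Setter as the text describes it: overwrites the slot, releases nothing. */
static void skb_dst_set_model(struct model_skb *skb, struct model_dst *d) { skb->dst = d; }
/* One packet: decap attaches metadata, redirect installs a new dst, skb is freed. */
static void process_packet(int drop_first)
{
    struct model_skb skb = { NULL };
    skb_dst_set_model(&skb, dst_alloc_model());  /* vxlan collect md decap */
    if (drop_first) skb_dst_drop_model(&skb);    /* release the existing entry first */
    skb_dst_set_model(&skb, dst_alloc_model());  /* redirect sets the new dst */
    skb_dst_drop_model(&skb);                    /* skb free drops only the current dst */
}

/* Objects still allocated after n packets (n <= POOL / 2). */
int leaked_after(int n, int drop_first)
{
    next_slot = live_dsts = 0;
    for (int i = 0; i < n; i++) process_packet(drop_first);
    return live_dsts;
}
int main(void)
{
    printf("overwrite: %d, drop first: %d\n", leaked_after(1000, 0), leaked_after(1000, 1));
    return 0;
}
```

In the overwrite case the count grows by one object per packet, which matches the steadily increasing slab usage the description reports.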

Impact