Main Vulnerability Database SB2025120447

SB2025120447 - Memory leak in Linux kernel devlink

Published: December 4, 2025

Security Bulletin ID SB2025120447

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory leak (CVE-ID: CVE-2025-40251)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the devl_rate_nodes_destroy() function in net/devlink/rate.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/542f45486f1ce2d2dde75bd85aca0389ef7046c3
https://git.kernel.org/stable/c/715d9cda646a8a38ea8b2bb5afb679a7464055e2
https://git.kernel.org/stable/c/c70df6c17d389cc743f0eb30160e2d6bc6910db8
https://git.kernel.org/stable/c/f94c1a114ac209977bdf5ca841b98424295ab1f0