Memory leak in Linux kernel - CVE-2025-21864
Published: March 12, 2025 / Updated: May 11, 2025
Vulnerability identifier: #VU105675
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-21864
CWE-ID: CWE-401
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tcp_add_backlog() function in net/ipv4/tcp_ipv4.c, within the tcp_ofo_queue(), tcp_queue_rcv(), tcp_data_queue() and tcp_rcv_established() functions in net/ipv4/tcp_input.c, within the tcp_fastopen_add_skb() function in net/ipv4/tcp_fastopen.c. A local user can perform a denial of service (DoS) attack.
How to mitigate CVE-2025-21864
Install update from vendor's website.
Sources
- https://git.kernel.org/stable/c/69cafd9413084cd5012cf5d7c7ec6f3d493726d9
- https://git.kernel.org/stable/c/87858bbf21da239ace300d61dd209907995c0491
- https://git.kernel.org/stable/c/9b6412e6979f6f9e0632075f8f008937b5cd4efd
- https://git.kernel.org/stable/c/cd34a07f744451e2ecf9005bb7d24d0b2fb83656
- https://git.kernel.org/stable/c/f1d5e6a5e468308af7759cf5276779d3155c5e98
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.80