#VU114905 Memory leak in Linux kernel - CVE-2025-39682
Published: September 8, 2025 / Updated: March 6, 2026
Vulnerability identifier: #VU114905
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2025-39682
CWE-ID: CWE-401
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the decrypt_skb() and tls_sw_recvmsg() functions in net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's repository.
External links
- https://git.kernel.org/stable/c/2902c3ebcca52ca845c03182000e8d71d3a5196f
- https://git.kernel.org/stable/c/29c0ce3c8cdb6dc5d61139c937f34cb888a6f42e
- https://git.kernel.org/stable/c/3439c15ae91a517cf3c650ea15a8987699416ad9
- https://git.kernel.org/stable/c/62708b9452f8eb77513115b17c4f8d1a22ebf843
- https://git.kernel.org/stable/c/c09dd3773b5950e9cfb6c9b9a5f6e36d06c62677