CVE-2025-22058: Missing Release of Memory after Effective Lifetime in Linux

Severity
5.5 MEDIUM (NVD)
OSV 7.8, OSV 7.1, OSV 5.9
EPSS
0.1%
top 72.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 16
Latest update: Apr 13

Description

In the Linux kernel, the following vulnerability has been resolved: udp: Fix memory accounting leak. Matt Dowling reported a weird UDP memory usage issue. Under normal operation, the UDP memory usage reported in /proc/net/sockstat remains close to zero. However, it occasionally spiked to 524,288 pages and never dropped. Moreover, the value doubled when the application was terminated. Finally, it caused intermittent packet drops. We can reproduce the issue with the script below [0]: 1. /proc

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages: 9 packages

Patches

🔴 Vulnerability Details

30
OSV: linux-raspi vulnerabilities (2026-04-01)
OSV: linux-intel-iotg-5.15, linux-xilinx-zynqmp vulnerabilities (2026-02-19)
OSV: linux-intel-iotg vulnerabilities (2026-02-19)
OSV: linux-nvidia vulnerabilities (2026-02-17)
OSV: linux-nvidia-tegra-igx vulnerabilities (2026-02-17)

📋 Vendor Advisories

30
Ubuntu: Linux kernel (Azure) vulnerabilities (2026-04-13)
Ubuntu: Linux kernel (Azure FIPS) vulnerabilities (2026-04-09)
Ubuntu: Linux kernel (Raspberry Pi) vulnerabilities (2026-04-01)
Ubuntu: Linux kernel (Intel IoTG) vulnerabilities (2026-02-19)
Ubuntu: Linux kernel (NVIDIA) vulnerabilities (2026-02-17)