CVE-2025-39913 — Missing Release of Resource after Effective Lifetime in Linux
Severity
7.8HIGHNVD
EPSS
0.0%
top 94.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 1
Latest updateApr 13
Description
In the Linux kernel, the following vulnerability has been resolved:
tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork.
syzbot reported the splat below. [0]
The repro does the following:
1. Load a sk_msg prog that calls bpf_msg_cork_bytes(msg, cork_bytes)
2. Attach the prog to a SOCKMAP
3. Add a socket to the SOCKMAP
4. Activate fault injection
5. Send data less than cork_bytes
At 5., the data is carried over to the next sendmsg() as it is
smaller than the…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages3 packages
▶CVEListV5linux/linux4f738adba30a7cfc006f605707e7aee847ffefa0 — 08f58d10f5abf11d297cc910754922498c921f91+8
Also affects: Debian Linux 11.0
Patches
🔴Vulnerability Details
3OSV▶
CVE-2025-39913: In the Linux kernel, the following vulnerability has been resolved: tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->c↗2025-10-01
GHSA▶
GHSA-36qj-697h-rh8p: In the Linux kernel, the following vulnerability has been resolved:
tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->↗2025-10-01
CVEList
▶