CVE-2025-68787 — Missing Release of Memory after Effective Lifetime in Linux

30 documents7 sources

Severity

7.8HIGHOSV

No vector

EPSS

0.1%

top 83.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +11 more

Timeline

PublishedJan 13

Latest updateApr 17

Description

In the Linux kernel, the following vulnerability has been resolved: netrom: Fix memory leak in nr_sendmsg() syzbot reported a memory leak [1]. When function sock_alloc_send_skb() return NULL in nr_output(), the original skb is not freed, which was allocated in nr_sendmsg(). Fix this by freeing it before return. [1] BUG: memory leak unreferenced object 0xffff888129f35500 (size 240): comm "syz.0.17", pid 6119, jiffies 4294944652 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00…

Affected Packages16 packages

▶Linuxlinux/linux_kernel2.6.12 — 5.10.248+5

▶Debianlinux/linux_kernel< 5.10.249-1+3

▶Ubuntulinux/linux_kernel< 5.15.0-173.183

▶CVEListV5linux/linux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 — f77e538ac4e3adb1882d5bccb7bfdc111b5963d3+7

▶debiandebian/linux< linux 6.1.162-1 (bookworm)

🔴Vulnerability Details

OSV

linux-raspi vulnerabilities↗2026-04-01

▶

OSV

linux-intel-iot-realtime vulnerabilities↗2026-03-23

▶

OSV

linux-nvidia-tegra-igx vulnerabilities↗2026-03-23

▶

OSV

linux-realtime vulnerabilities↗2026-03-17

▶

OSV

linux-aws-5.15, linux-gcp-5.15, linux-gke, linux-hwe-5.15, linux-intel-iotg-5.15, linux-lowlatency-hwe-5.15, linux-oracle-5.15 vulnerabilities↗2026-03-17

▶

📋Vendor Advisories

Ubuntu

Linux kernel (GCP) vulnerabilities↗2026-04-17

▶

Ubuntu

Linux kernel (FIPS) vulnerabilities↗2026-04-17

▶

Ubuntu

Linux kernel (Real-time) vulnerabilities↗2026-04-17

▶

Ubuntu

Linux kernel (Real-time) vulnerabilities↗2026-04-17

▶

Ubuntu

Linux kernel (NVIDIA) vulnerabilities↗2026-04-17

▶

🕵️Threat Intelligence

Wiz

CVE-2025-68787 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶