CVE-2025-71148Missing Release of Resource after Effective Lifetime in Linux

CWE-772Missing Release of Resource after Effective Lifetime13 documents7 sources
Severity
3.3LOWNVD
EPSS
0.0%
top 95.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
LinuxLinux KernelDebian Linux+10 more
Timeline
PublishedJan 23
Latest updateApr 17

Description

In the Linux kernel, the following vulnerability has been resolved: net/handshake: restore destructor on submit failure handshake_req_submit() replaces sk->sk_destruct but never restores it when submission fails before the request is hashed. handshake_sk_destruct() then returns early and the original destructor never runs, leaking the socket. Restore sk_destruct on the error path.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages14 packages

NVDlinux/linux_kernel6.46.6.120+3
Debianlinux/linux_kernel< 6.12.69-1+1
CVEListV5linux/linux3b3009ea8abb713b022d94fba95ec270cf6e7eaecd8cf2be3717137554744233fda051ffc09d1d44+4
debiandebian/linux< linux 6.18.3-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-c3vj-7cm3-p3xg: In the Linux kernel, the following vulnerability has been resolved: net/handshake: restore destructor on submit failure handshake_req_submit() repla2026-01-23
OSV
CVE-2025-71148: In the Linux kernel, the following vulnerability has been resolved: net/handshake: restore destructor on submit failure handshake_req_submit() replace2026-01-23

📋Vendor Advisories

9
Ubuntu
Linux kernel (GCP) vulnerabilities2026-04-17
Ubuntu
Linux kernel (FIPS) vulnerabilities2026-04-17
Ubuntu
Linux kernel (Real-time) vulnerabilities2026-04-17
Ubuntu
Linux kernel (Real-time) vulnerabilities2026-04-17
Ubuntu
Linux kernel (NVIDIA) vulnerabilities2026-04-17

🕵️Threat Intelligence

1
Wiz
CVE-2025-71148 Impact, Exploitability, and Mitigation Steps | Wiz