Memory Leak in Linux Kernel's TCP Socket with SO_ATTACH_REUSEPORT_EBPF
CVE-2025-21683
Summary
A vulnerability in the Linux kernel affects TCP socket handling when the SO_ATTACH_REUSEPORT_EBPF option is used. A memory leak can occur when a TCP socket, previously marked for reuse with this option, becomes established. Improper reference counting leaves an unreferenced object in memory. This can lead to resource exhaustion and degraded system performance, especially in high-traffic environments. The fix ensures that socket references are handled correctly in both the error and normal processing paths, preventing memory leaks associated with TCP socket reuse.
Affected Version(s)
Linux 64d85290d79c0677edb5a8ee2295b36c022fa5df
Linux 64d85290d79c0677edb5a8ee2295b36c022fa5df < 0ab52a8ca6e156a64c51b5e7456cac9a0ebfd9bf