Linux Kernel AX25 Device Refcount Leak Vulnerability
CVE-2025-21792

5.5MEDIUM

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
27 February 2025

What is CVE-2025-21792?

A vulnerability in the Linux kernel related to AX25 devices allows for a refcount leak if the SO_BINDTODEVICE socket option is utilized without proper incrementing of the device's reference count. This issue manifests when an AX25 device is connected to a socket using either the ax25_bind() function or the SO_BINDTODEVICE option; however, the necessary refcounts are not always properly managed. As a result, users may encounter memory leaks, with CPU warnings indicating refcount decrements reaching zero. A patch has been implemented to ensure that reference counts are accurately incremented when binding new devices and decremented for unbound devices.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 9fd75b66b8f68498454d685dc4ba13192ae069b0 < 90056ece99966182dc0e367f3fd2afab46ada847

Linux 9fd75b66b8f68498454d685dc4ba13192ae069b0 < 94a0de224ed52eb2ecd4f4cb1b937b674c9fb955

Linux 9fd75b66b8f68498454d685dc4ba13192ae069b0

References

https://git.kernel.org/stable/c/90056ece99966182dc0e367f3...
https://git.kernel.org/stable/c/94a0de224ed52eb2ecd4f4cb1...
https://git.kernel.org/stable/c/b58f7ca86a7b8e480c06e30c5...

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.