Memory Leak and Refcount Imbalance in Linux Kernel Networking
CVE-2025-38470
What is CVE-2025-38470?
This vulnerability in the Linux kernel's networking subsystem concerns how virtual LAN (VLAN) identifiers are managed during device state changes. Toggling the 'rx-vlan-filter' feature can cause a memory leak if VLAN 0 was automatically added and is not removed when the network device is taken down, leaving orphaned memory allocations behind. Conversely, if VLAN filtering is disabled before the corresponding network device is brought up, the kernel may incorrectly attempt to delete VLAN 0, which can result in a null pointer dereference and destabilize the networking stack. Both issues stem from a refcount imbalance that can occur during runtime transitions of the network device. The resolution involves a more robust tracking mechanism to ensure proper reference counting and cleanup of VLAN identifiers.
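The imbalance described above can be reproduced in a small user-space model. This is an added example, not kernel code or the upstream patch. The struct, the `auto_vid0` tracking flag and the function names are assumptions of the sketch. It contrasts deciding on the current feature bit at down time with remembering whether VLAN 0 was actually added.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of one network device (illustrative names only). */
struct dev_model {
    bool rx_vlan_filter; /* current state of the 'rx-vlan-filter' feature */
    int  vid0_refs;      /* references held on the automatically added VLAN 0 */
    bool auto_vid0;      /* fixed variant: set only when VLAN 0 was really added */
};

static void dev_up(struct dev_model *d, bool fixed)
{
    if (d->rx_vlan_filter) {           /* VLAN 0 is added only when filtering is on */
        d->vid0_refs++;
        if (fixed)
            d->auto_vid0 = true;
    }
}

static void dev_down(struct dev_model *d, bool fixed)
{
    if (fixed) {
        if (d->auto_vid0) {            /* undo exactly what dev_up did */
            d->vid0_refs--;
            d->auto_vid0 = false;
        }
    } else if (d->rx_vlan_filter) {    /* flawed: trusts the feature bit as it is now */
        d->vid0_refs--;
    }
}

/* Bring the device up, toggle the feature while it runs, take it down.
 * Returns the leftover count on VLAN 0: 0 is balanced, >0 is a leaked
 * entry, <0 is a delete of an entry that was never added. */
static int run_sequence(bool filter_at_up, bool fixed)
{
    struct dev_model d = { .rx_vlan_filter = filter_at_up };
    dev_up(&d, fixed);
    d.rx_vlan_filter = !d.rx_vlan_filter;
    dev_down(&d, fixed);
    return d.vid0_refs;
}

int main(void)
{
    printf("flawed, filter on at up:  %d\n", run_sequence(true, false));
    printf("flawed, filter off at up: %d\n", run_sequence(false, false));
    printf("tracked, filter on at up:  %d\n", run_sequence(true, true));
    printf("tracked, filter off at up: %d\n", run_sequence(false, true));
    return 0;
}
```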
Affected Version(s)
Linux ad1afb00393915a51c21b1ae8704562bf036855f
Linux ad1afb00393915a51c21b1ae8704562bf036855f < 8984bcbd1edf5bee5be06ad771d157333b790c33