Memory Leak Vulnerability in Linux Kernel's PPP Module
CVE-2025-39847

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 19 September 2025

What is CVE-2025-39847?

The Linux kernel's Point-to-Point Protocol (PPP) module has a vulnerability leading to memory leaks. When the function pad_compress_skb() fails due to allocation issues, it fails to release the previous socket buffer (skb), resulting in lost references and memory retention. This can adversely affect system memory management, leading to performance degradation. The vulnerability has been addressed by ensuring that memory is only freed when the new allocation and compression processes are successful, thereby preventing memory leaks and maintaining kernel stability.

Affected Version(s)

Linux b3f9b92a6ec1a9a5e4b4b36e484f2f62cc73277c < 9ca6a040f76c0b149293e430dabab446f3fc8ab7

Linux b3f9b92a6ec1a9a5e4b4b36e484f2f62cc73277c < 87a35a36742df328d0badf4fbc2e56061c15846c

Linux b3f9b92a6ec1a9a5e4b4b36e484f2f62cc73277c < 0b21e9cd4559102da798bdcba453b64ecd7be7ee

References

https://git.kernel.org/stable/c/9ca6a040f76c0b149293e430d...

https://git.kernel.org/stable/c/87a35a36742df328d0badf4fb...

https://git.kernel.org/stable/c/0b21e9cd4559102da798bdcba...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 19, 2025
Vulnerability Reserved
Apr 16, 2025