Memory Leak Vulnerability in Linux Kernel TCP Component
CVE-2025-39852
What is CVE-2025-39852?
A vulnerability exists in the Linux Kernel's TCP component, specifically in the handling of TCP-AO failure for IPv6. When the function tcp_ao_copy_all_matching() fails in tcp_v6_syn_recv_sock(), it exits without properly freeing memory, leading to a memory leak. This oversight may allow unreferenced socket objects to accumulate, ultimately affecting system performance and stability. The vulnerability has been addressed by ensuring that proper cleanup routines are called during error handling, aligning the IPv6 approach with the previously established methods used for IPv4.
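The error-path leak described above, as a small user-space C model (an added example, not kernel code and not the upstream patch). All function and type names are hypothetical: `ao_copy_keys()` stands in for `tcp_ao_copy_all_matching()`, and the pool of 8 objects is a constructed limit standing in for kernel memory.

```c
#include <stdio.h>

/* User-space model, not kernel code; function and type names are hypothetical. */
#define POOL 8                      /* constructed cap standing in for memory */
struct child_sock { int in_use, ao_keys; };
static struct child_sock pool[POOL];
static int live;                    /* children allocated and not yet freed */
static struct child_sock *child_alloc(void)
{
    for (int i = 0; i < POOL; i++)
        if (!pool[i].in_use) { pool[i].in_use = 1; live++; return &pool[i]; }
    return NULL;                    /* pool exhausted */
}
static void child_free(struct child_sock *sk) { sk->in_use = sk->ao_keys = 0; live--; }
/* Stand-in for tcp_ao_copy_all_matching(); fail != 0 models its error return. */
static int ao_copy_keys(struct child_sock *sk, int fail)
{
    if (!fail) sk->ao_keys = 1;
    return fail ? -1 : 0;
}
/* Pre-fix shape: returns on key-copy failure without releasing the child. */
static struct child_sock *syn_recv_leaky(int fail)
{
    struct child_sock *newsk = child_alloc();
    if (newsk && ao_copy_keys(newsk, fail))
        return NULL;                /* newsk stays allocated and unreferenced */
    return newsk;
}
/* Post-fix shape: the failure path runs cleanup before returning. */
static struct child_sock *syn_recv_fixed(int fail)
{
    struct child_sock *newsk = child_alloc();
    if (newsk && ao_copy_keys(newsk, fail)) {
        child_free(newsk);
        return NULL;
    }
    return newsk;
}
/* Drive n failing handshakes; return how many children were left allocated. */
static int leaked_after(struct child_sock *(*handler)(int), int n)
{
    int before = live;
    for (int i = 0; i < n; i++) handler(1);
    return live - before;
}
int main(void)
{
    printf("fixed: %d left\n", leaked_after(syn_recv_fixed, 20));
    printf("leaky: %d left\n", leaked_after(syn_recv_leaky, 20));
    return 0;
}
```

Once the leaky handler has filled the pool, even a handshake whose key copy would succeed gets no object, which is the performance and stability effect the description refers to.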

Affected Version(s)
Linux 06b22ef29591f625ef877ae00d82192938e29e60 < 46d33c878fc0b3d7570366b2c9912395b3f4e701
Linux 06b22ef29591f625ef877ae00d82192938e29e60 < 3d2b356d994a8801acb397cafd28b13672c37ab5
Linux 06b22ef29591f625ef877ae00d82192938e29e60