SB2025040372 - Memory leak in Linux kernel ipv6
Published: April 3, 2025 Updated: May 11, 2025
Security Bulletin ID
SB2025040372
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2025-22005)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the in6_dev_put() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/119dcafe36795a15ae53351cbbd6177aaf94ffef
- https://git.kernel.org/stable/c/29d91820184d5cbc70f3246d4911d96eaeb930d6
- https://git.kernel.org/stable/c/77c41cdbe6bce476e08d3251c0d501feaf10a9f3
- https://git.kernel.org/stable/c/9740890ee20e01f99ff1dde84c63dcf089fabb98
- https://git.kernel.org/stable/c/d3d5b4b5ae263c3225db363ba08b937e2e2b0380
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.9