#VU106954 Memory leak in Linux kernel - CVE-2025-22005

Cybersecurity Help s.r.o.

Published: 2025-04-03 | Updated: 2025-05-11

Vulnerability identifier: #VU106954

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22005

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the in6_dev_put() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.13, 6.13.1, 6.13.2, 6.13.3, 6.13.4, 6.13.5, 6.13.6, 6.13.7, 6.13.8

External links
https://git.kernel.org/stable/c/119dcafe36795a15ae53351cbbd6177aaf94ffef
https://git.kernel.org/stable/c/29d91820184d5cbc70f3246d4911d96eaeb930d6
https://git.kernel.org/stable/c/77c41cdbe6bce476e08d3251c0d501feaf10a9f3
https://git.kernel.org/stable/c/9740890ee20e01f99ff1dde84c63dcf089fabb98
https://git.kernel.org/stable/c/d3d5b4b5ae263c3225db363ba08b937e2e2b0380
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.9

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Debian update for linux

Memory leak in Linux kernel ipv6