CVE-2025-39847
EUVD-2025-3035319.09.2025, 16:15
In the Linux kernel, the following vulnerability has been resolved:
ppp: fix memory leak in pad_compress_skb
If alloc_skb() fails in pad_compress_skb(), it returns NULL without
releasing the old skb. The caller does:
skb = pad_compress_skb(ppp, skb);
if (!skb)
goto drop;
drop:
kfree_skb(skb);
When pad_compress_skb() returns NULL, the reference to the old skb is
lost and kfree_skb(skb) ends up doing nothing, leading to a memory leak.
Align pad_compress_skb() semantics with realloc(): only free the old
skb if allocation and compression succeed. At the call site, use the
new_skb variable so the original skb is not lost when pad_compress_skb()
fails.EnginsightAffected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 2.6.15 ≤ 𝑥 < 5.4.299 |
| linux | linux_kernel | 5.5 ≤ 𝑥 < 5.10.243 |
| linux | linux_kernel | 5.11 ≤ 𝑥 < 5.15.192 |
| linux | linux_kernel | 5.16 ≤ 𝑥 < 6.1.151 |
| linux | linux_kernel | 6.2 ≤ 𝑥 < 6.6.105 |
| linux | linux_kernel | 6.7 ≤ 𝑥 < 6.12.46 |
| linux | linux_kernel | 6.13 ≤ 𝑥 < 6.16.6 |
| linux | linux_kernel | 6.17:rc1 |
| linux | linux_kernel | 6.17:rc2 |
| linux | linux_kernel | 6.17:rc3 |
| linux | linux_kernel | 6.17:rc4 |
| debian | debian_linux | 11.0 |
𝑥
= Vulnerable software versions
Debian Releases
Common Weakness Enumeration
References