5.5

CVE-2025-37909

EPSS 0.11%
Veröffentlicht 20.05.2025 15:21:41
Zuletzt bearbeitet 17.11.2025 14:51:33
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

net: lan743x: Fix memleak issue when GSO enabled

In the Linux kernel, the following vulnerability has been resolved:

net: lan743x: Fix memleak issue when GSO enabled

Always map the `skb` to the LS descriptor. Previously skb was
mapped to EXT descriptor when the number of fragments is zero with
GSO enabled. Mapping the skb to EXT descriptor prevents it from
being freed, leading to a memory leak

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 13

NVD 12 VulnDex Vulnerability Enrichment 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.17 < 5.4.294

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.238

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.182

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.138

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.90

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.28

Linux ≫ Linux Kernel Version >= 6.13 < 6.14.6

Linux ≫ Linux Kernel Version6.15 Updaterc1

Linux ≫ Linux Kernel Version6.15 Updaterc2

Linux ≫ Linux Kernel Version6.15 Updaterc3

Linux ≫ Linux Kernel Version6.15 Updaterc4

Debian ≫ Debian Linux Version11.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.284

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

https://git.kernel.org/stable/c/df993daa4c968b4b23078eacc248f6502ede8664

Patch

https://git.kernel.org/stable/c/a0e0efbabbbe6a1859bc31bf65237ce91e124b9b

Patch

https://git.kernel.org/stable/c/dae1ce27ceaea7e1522025b15252e3cc52802622

Patch

https://git.kernel.org/stable/c/189b05f189cac9fd233ef04d31cb5078c4d09c39

Patch

https://git.kernel.org/stable/c/f42c18e2f14c1b1fdd2a5250069a84bc854c398c

Patch

https://git.kernel.org/stable/c/2d52e2e38b85c8b7bc00dca55c2499f46f8c8198

Patch

https://git.kernel.org/stable/c/093855ce90177488eac772de4eefbb909033ce5f

Patch

https://git.kernel.org/stable/c/6c65ee5ad632eb8dcd3a91cf5dc99b22535f44d9

Patch

https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html

Mailing List

https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2025-37909

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-37909

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-37909

EUVD