5.5

CVE-2025-39847

ppp: fix memory leak in pad_compress_skb

In the Linux kernel, the following vulnerability has been resolved:

ppp: fix memory leak in pad_compress_skb

If alloc_skb() fails in pad_compress_skb(), it returns NULL without
releasing the old skb. The caller does:

    skb = pad_compress_skb(ppp, skb);
    if (!skb)
        goto drop;

drop:
    kfree_skb(skb);

When pad_compress_skb() returns NULL, the reference to the old skb is
lost and kfree_skb(skb) ends up doing nothing, leading to a memory leak.

Align pad_compress_skb() semantics with realloc(): only free the old
skb if allocation and compression succeed.  At the call site, use the
new_skb variable so the original skb is not lost when pad_compress_skb()
fails.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.15 < 5.4.299
LinuxLinux Kernel Version >= 5.5 < 5.10.243
LinuxLinux Kernel Version >= 5.11 < 5.15.192
LinuxLinux Kernel Version >= 5.16 < 6.1.151
LinuxLinux Kernel Version >= 6.2 < 6.6.105
LinuxLinux Kernel Version >= 6.7 < 6.12.46
LinuxLinux Kernel Version >= 6.13 < 6.16.6
LinuxLinux Kernel Version6.17 Updaterc1
LinuxLinux Kernel Version6.17 Updaterc2
LinuxLinux Kernel Version6.17 Updaterc3
LinuxLinux Kernel Version6.17 Updaterc4
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.045
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/9ca6a040f76c0b149293e430dabab446f3fc8ab7
Patch
https://git.kernel.org/stable/c/87a35a36742df328d0badf4fbc2e56061c15846c
Patch
https://git.kernel.org/stable/c/0b21e9cd4559102da798bdcba453b64ecd7be7ee
Patch
https://git.kernel.org/stable/c/1d8b354eafb8876d8bdb1bef69c7d2438aacfbe8
Patch
https://git.kernel.org/stable/c/85c1c86a67e09143aa464e9bf09c397816772348
Patch
https://git.kernel.org/stable/c/631fc8ab5beb9e0ec8651fb9875b9a968e7b4ae4
Patch
https://git.kernel.org/stable/c/33a5bac5f14772730d2caf632ae97b6c2ee95044
Patch
https://git.kernel.org/stable/c/4844123fe0b853a4982c02666cb3fd863d701d50
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory
Mailing List
https://cert-portal.siemens.com/productcert/html/ssa-032379.html