CVE-2025-68775

EPSS 0.02%
Veröffentlicht 13.01.2026 15:28:52
Zuletzt bearbeitet 14.01.2026 16:26:00
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

net/handshake: duplicate handshake cancellations leak socket

When a handshake request is cancelled it is removed from the
handshake_net->hn_requests list, but it is still present in the
handshake_rhashtbl until it is destroyed.

If a second cancellation request arrives for the same handshake request,
then remove_pending() will return false... and assuming
HANDSHAKE_F_REQ_COMPLETED isn't set in req->hr_flags, we'll continue
processing through the out_true label, where we put another reference on
the sock and a refcount underflow occurs.

This can happen for example if a handshake times out - particularly if
the SUNRPC client sends the AUTH_TLS probe to the server but doesn't
follow it up with the ClientHello due to a problem with tlshd.  When the
timeout is hit on the server, the server will send a FIN, which triggers
a cancellation request via xs_reset_transport().  When the timeout is
hit on the client, another cancellation request happens via
xs_tls_handshake_sync().

Add a test_and_set_bit(HANDSHAKE_F_REQ_COMPLETED) in the pending cancel
path so duplicate cancels can be detected.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 011ae80c49d9bfa5b4336f8bd387cd25c7593663

Version 3b3009ea8abb713b022d94fba95ec270cf6e7eae

Status affected

Version < e1641177e7fb48a0a5a06658d4aab51da6656659

Version 3b3009ea8abb713b022d94fba95ec270cf6e7eae

Status affected

Version < 3c330f1dee3cd92b57e19b9d21dc8ce5970b09be

Version 3b3009ea8abb713b022d94fba95ec270cf6e7eae

Status affected

Version < 15564bd67e2975002f2a8e9defee33e321d3183f

Version 3b3009ea8abb713b022d94fba95ec270cf6e7eae

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.4

Status affected

Version < 6.4

Version 0

Status unaffected

Version <= 6.6.*

Version 6.6.120

Status unaffected

Version <= 6.12.*

Version 6.12.64

Status unaffected

Version <= 6.18.*

Version 6.18.3

Status unaffected

Version <= *

Version 6.19-rc2

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.055

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/011ae80c49d9bfa5b4336f8bd387cd25c7593663

https://git.kernel.org/stable/c/e1641177e7fb48a0a5a06658d4aab51da6656659

https://git.kernel.org/stable/c/3c330f1dee3cd92b57e19b9d21dc8ce5970b09be

https://git.kernel.org/stable/c/15564bd67e2975002f2a8e9defee33e321d3183f

https://nvd.nist.gov/vuln/detail/CVE-2025-68775

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-68775

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-68775

EUVD