NuytsTech Security

CVE-2025-39847

by ·

In the Linux kernel, the following vulnerability has been resolved:

ppp: fix memory leak in pad_compress_skb

If alloc_skb() fails in pad_compress_skb(), it returns NULL without
releasing the old skb. The caller does:

skb = pad_compress_skb(ppp, skb);
if (!skb)
goto drop;

drop:
kfree_skb(skb);

When pad_compress_skb() returns NULL, the reference to the old skb is
lost and kfree_skb(skb) ends up doing nothing, leading to a memory leak.

Align pad_compress_skb() semantics with realloc(): only free the old
skb if allocation and compression succeed. At the call site, use the
new_skb variable so the original skb is not lost when pad_compress_skb()
fails.

More information : https://git.kernel.org/stable/c/0b21e9cd4559102da798bdcba453b64ecd7be7ee

Tags: