netrom: Fix memory leak in nr_sendmsg()
Summary
| CVE | CVE-2025-68787 |
|---|---|
| State | PUBLISHED |
| Assigner | Linux |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-01-13 16:15:58 UTC |
| Updated | 2026-07-14 13:18:00 UTC |
| Description | In the Linux kernel, the following vulnerability has been resolved: netrom: Fix memory leak in nr_sendmsg() syzbot reported a memory leak [1]. When function sock_alloc_send_skb() return NULL in nr_output(), the original skb is not freed, which was allocated in nr_sendmsg(). Fix this by freeing it before return. [1] BUG: memory leak unreferenced object 0xffff888129f35500 (size 240): comm "syz.0.17", pid 6119, jiffies 4294944652 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 10 52 28 81 88 ff ff ..........R(.... backtrace (crc 1456a3e4): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4983 [inline] slab_alloc_node mm/slub.c:5288 [inline] kmem_cache_alloc_node_noprof+0x36f/0x5e0 mm/slub.c:5340 __alloc_skb+0x203/0x240 net/core/skbuff.c:660 alloc_skb include/linux/skbuff.h:1383 [inline] alloc_skb_with_frags+0x69/0x3f0 net/core/skbuff.c:6671 sock_alloc_send_pskb+0x379/0x3e0 net/core/sock.c:2965 sock_alloc_send_skb include/net/sock.h:1859 [inline] nr_sendmsg+0x287/0x450 net/netrom/af_netrom.c:1105 sock_sendmsg_nosec net/socket.c:727 [inline] __sock_sendmsg net/socket.c:742 [inline] sock_write_iter+0x293/0x2a0 net/socket.c:1195 new_sync_write fs/read_write.c:593 [inline] vfs_write+0x45d/0x710 fs/read_write.c:686 ksys_write+0x143/0x170 fs/read_write.c:738 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f |
Risk And Classification
EPSS: 0.001730000 probability, percentile 0.068790000 (date 2026-07-14)
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 f77e538ac4e3adb1882d5bccb7bfdc111b5963d3 git | Not specified |
| CNA | Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 09efbf54eeaecebe882af603c9939a4b1bb9567e git | Not specified |
| CNA | Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 73839497bbde5cd4fd02bbd9c8bc2640780ae65d git | Not specified |
| CNA | Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 156a0f6341dce634a825db49ca20b48b1ae9bcc1 git | Not specified |
| CNA | Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 8d1ccba4b171cd504ecfa47349cb9864fc9d687c git | Not specified |
| CNA | Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 51f5fbc1681bdcffcc7d18bf3dfdb2b1278d3977 git | Not specified |
| CNA | Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 613d12dd794e078be8ff3cf6b62a6b9acf7f4619 git | Not specified |
| CNA | Linux | Linux | affected 2.6.12 | Not specified |
| CNA | Linux | Linux | unaffected 2.6.12 semver | Not specified |
| CNA | Linux | Linux | unaffected 5.10.248 5.10.* semver | Not specified |
| CNA | Linux | Linux | unaffected 5.15.198 5.15.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.1.160 6.1.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.6.120 6.6.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.12.64 6.12.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.18.3 6.18.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.19 * original_commit_for_fix | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.6 * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.6 * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP | affected V3.1.6 * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP | affected V3.1.6 * custom | Not specified |
| ADP | Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.6 * custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| git.kernel.org/stable/c/613d12dd794e078be8ff3cf6b62a6b9acf7f4619 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/8d1ccba4b171cd504ecfa47349cb9864fc9d687c | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| cert-portal.siemens.com/productcert/html/ssa-019113.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| git.kernel.org/stable/c/51f5fbc1681bdcffcc7d18bf3dfdb2b1278d3977 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/156a0f6341dce634a825db49ca20b48b1ae9bcc1 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/73839497bbde5cd4fd02bbd9c8bc2640780ae65d | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/09efbf54eeaecebe882af603c9939a4b1bb9567e | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/f77e538ac4e3adb1882d5bccb7bfdc111b5963d3 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.