{"api_version":"1","generated_at":"2026-07-16T16:22:25+00:00","cve":"CVE-2025-68787","urls":{"html":"https://cve.report/CVE-2025-68787","api":"https://cve.report/api/cve/CVE-2025-68787.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-68787","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-68787"},"summary":{"title":"netrom: Fix memory leak in nr_sendmsg()","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: Fix memory leak in nr_sendmsg()\n\nsyzbot reported a memory leak [1].\n\nWhen function sock_alloc_send_skb() return NULL in nr_output(), the\noriginal skb is not freed, which was allocated in nr_sendmsg(). Fix this\nby freeing it before return.\n\n[1]\nBUG: memory leak\nunreferenced object 0xffff888129f35500 (size 240):\n  comm \"syz.0.17\", pid 6119, jiffies 4294944652\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 00 00 00 00 00 00 00 10 52 28 81 88 ff ff  ..........R(....\n  backtrace (crc 1456a3e4):\n    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]\n    slab_post_alloc_hook mm/slub.c:4983 [inline]\n    slab_alloc_node mm/slub.c:5288 [inline]\n    kmem_cache_alloc_node_noprof+0x36f/0x5e0 mm/slub.c:5340\n    __alloc_skb+0x203/0x240 net/core/skbuff.c:660\n    alloc_skb include/linux/skbuff.h:1383 [inline]\n    alloc_skb_with_frags+0x69/0x3f0 net/core/skbuff.c:6671\n    sock_alloc_send_pskb+0x379/0x3e0 net/core/sock.c:2965\n    sock_alloc_send_skb include/net/sock.h:1859 [inline]\n    nr_sendmsg+0x287/0x450 net/netrom/af_netrom.c:1105\n    sock_sendmsg_nosec net/socket.c:727 [inline]\n    __sock_sendmsg net/socket.c:742 [inline]\n    sock_write_iter+0x293/0x2a0 net/socket.c:1195\n    new_sync_write fs/read_write.c:593 [inline]\n    vfs_write+0x45d/0x710 fs/read_write.c:686\n    ksys_write+0x143/0x170 fs/read_write.c:738\n    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94\n    entry_SYSCALL_64_after_hwframe+0x77/0x7f","state":"PUBLISHED","assigner":"Linux","published_at":"2026-01-13 16:15:58","updated_at":"2026-07-14 13:18:00"},"problem_types":[],"metrics":[],"references":[{"url":"https://git.kernel.org/stable/c/613d12dd794e078be8ff3cf6b62a6b9acf7f4619","name":"https://git.kernel.org/stable/c/613d12dd794e078be8ff3cf6b62a6b9acf7f4619","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/8d1ccba4b171cd504ecfa47349cb9864fc9d687c","name":"https://git.kernel.org/stable/c/8d1ccba4b171cd504ecfa47349cb9864fc9d687c","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-019113.html","name":"https://cert-portal.siemens.com/productcert/html/ssa-019113.html","refsource":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/51f5fbc1681bdcffcc7d18bf3dfdb2b1278d3977","name":"https://git.kernel.org/stable/c/51f5fbc1681bdcffcc7d18bf3dfdb2b1278d3977","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/156a0f6341dce634a825db49ca20b48b1ae9bcc1","name":"https://git.kernel.org/stable/c/156a0f6341dce634a825db49ca20b48b1ae9bcc1","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/73839497bbde5cd4fd02bbd9c8bc2640780ae65d","name":"https://git.kernel.org/stable/c/73839497bbde5cd4fd02bbd9c8bc2640780ae65d","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/09efbf54eeaecebe882af603c9939a4b1bb9567e","name":"https://git.kernel.org/stable/c/09efbf54eeaecebe882af603c9939a4b1bb9567e","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/f77e538ac4e3adb1882d5bccb7bfdc111b5963d3","name":"https://git.kernel.org/stable/c/f77e538ac4e3adb1882d5bccb7bfdc111b5963d3","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-68787","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68787","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 f77e538ac4e3adb1882d5bccb7bfdc111b5963d3 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 09efbf54eeaecebe882af603c9939a4b1bb9567e git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 73839497bbde5cd4fd02bbd9c8bc2640780ae65d git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 156a0f6341dce634a825db49ca20b48b1ae9bcc1 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 8d1ccba4b171cd504ecfa47349cb9864fc9d687c git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 51f5fbc1681bdcffcc7d18bf3dfdb2b1278d3977 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 613d12dd794e078be8ff3cf6b62a6b9acf7f4619 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 2.6.12","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 2.6.12 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.10.248 5.10.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.15.198 5.15.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.1.160 6.1.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.6.120 6.6.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.12.64 6.12.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.18.3 6.18.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.19 * original_commit_for_fix","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","version":"affected V3.1.6 * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","version":"affected V3.1.6 * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","version":"affected V3.1.6 * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","version":"affected V3.1.6 * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP","version":"affected V3.1.6 * custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"68787","cve":"CVE-2025-68787","epss":"0.001730000","percentile":"0.068790000","score_date":"2026-07-14","updated_at":"2026-07-15 00:14:55"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"affected":[{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.6","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.6","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.6","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.6","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.6","versionType":"custom"}]}],"providerMetadata":{"dateUpdated":"2026-07-14T12:44:15.722Z","orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP"},"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-019113.html"}],"x_adpType":"supplier"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["net/netrom/nr_out.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"f77e538ac4e3adb1882d5bccb7bfdc111b5963d3","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"},{"lessThan":"09efbf54eeaecebe882af603c9939a4b1bb9567e","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"},{"lessThan":"73839497bbde5cd4fd02bbd9c8bc2640780ae65d","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"},{"lessThan":"156a0f6341dce634a825db49ca20b48b1ae9bcc1","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"},{"lessThan":"8d1ccba4b171cd504ecfa47349cb9864fc9d687c","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"},{"lessThan":"51f5fbc1681bdcffcc7d18bf3dfdb2b1278d3977","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"},{"lessThan":"613d12dd794e078be8ff3cf6b62a6b9acf7f4619","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["net/netrom/nr_out.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"2.6.12"},{"lessThan":"2.6.12","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"5.10.*","status":"unaffected","version":"5.10.248","versionType":"semver"},{"lessThanOrEqual":"5.15.*","status":"unaffected","version":"5.15.198","versionType":"semver"},{"lessThanOrEqual":"6.1.*","status":"unaffected","version":"6.1.160","versionType":"semver"},{"lessThanOrEqual":"6.6.*","status":"unaffected","version":"6.6.120","versionType":"semver"},{"lessThanOrEqual":"6.12.*","status":"unaffected","version":"6.12.64","versionType":"semver"},{"lessThanOrEqual":"6.18.*","status":"unaffected","version":"6.18.3","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"6.19","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.10.248","versionStartIncluding":"2.6.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.15.198","versionStartIncluding":"2.6.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.160","versionStartIncluding":"2.6.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.120","versionStartIncluding":"2.6.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.12.64","versionStartIncluding":"2.6.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.18.3","versionStartIncluding":"2.6.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.19","versionStartIncluding":"2.6.12","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: Fix memory leak in nr_sendmsg()\n\nsyzbot reported a memory leak [1].\n\nWhen function sock_alloc_send_skb() return NULL in nr_output(), the\noriginal skb is not freed, which was allocated in nr_sendmsg(). Fix this\nby freeing it before return.\n\n[1]\nBUG: memory leak\nunreferenced object 0xffff888129f35500 (size 240):\n  comm \"syz.0.17\", pid 6119, jiffies 4294944652\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 00 00 00 00 00 00 00 10 52 28 81 88 ff ff  ..........R(....\n  backtrace (crc 1456a3e4):\n    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]\n    slab_post_alloc_hook mm/slub.c:4983 [inline]\n    slab_alloc_node mm/slub.c:5288 [inline]\n    kmem_cache_alloc_node_noprof+0x36f/0x5e0 mm/slub.c:5340\n    __alloc_skb+0x203/0x240 net/core/skbuff.c:660\n    alloc_skb include/linux/skbuff.h:1383 [inline]\n    alloc_skb_with_frags+0x69/0x3f0 net/core/skbuff.c:6671\n    sock_alloc_send_pskb+0x379/0x3e0 net/core/sock.c:2965\n    sock_alloc_send_skb include/net/sock.h:1859 [inline]\n    nr_sendmsg+0x287/0x450 net/netrom/af_netrom.c:1105\n    sock_sendmsg_nosec net/socket.c:727 [inline]\n    __sock_sendmsg net/socket.c:742 [inline]\n    sock_write_iter+0x293/0x2a0 net/socket.c:1195\n    new_sync_write fs/read_write.c:593 [inline]\n    vfs_write+0x45d/0x710 fs/read_write.c:686\n    ksys_write+0x143/0x170 fs/read_write.c:738\n    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94\n    entry_SYSCALL_64_after_hwframe+0x77/0x7f"}],"providerMetadata":{"dateUpdated":"2026-05-11T21:53:21.061Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/f77e538ac4e3adb1882d5bccb7bfdc111b5963d3"},{"url":"https://git.kernel.org/stable/c/09efbf54eeaecebe882af603c9939a4b1bb9567e"},{"url":"https://git.kernel.org/stable/c/73839497bbde5cd4fd02bbd9c8bc2640780ae65d"},{"url":"https://git.kernel.org/stable/c/156a0f6341dce634a825db49ca20b48b1ae9bcc1"},{"url":"https://git.kernel.org/stable/c/8d1ccba4b171cd504ecfa47349cb9864fc9d687c"},{"url":"https://git.kernel.org/stable/c/51f5fbc1681bdcffcc7d18bf3dfdb2b1278d3977"},{"url":"https://git.kernel.org/stable/c/613d12dd794e078be8ff3cf6b62a6b9acf7f4619"}],"title":"netrom: Fix memory leak in nr_sendmsg()","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2025-68787","datePublished":"2026-01-13T15:29:00.344Z","dateReserved":"2025-12-24T10:30:51.036Z","dateUpdated":"2026-07-14T12:44:15.722Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-01-13 16:15:58","lastModifiedDate":"2026-07-14 13:18:00","problem_types":[],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"68787","Ordinal":"1","Title":"netrom: Fix memory leak in nr_sendmsg()","CVE":"CVE-2025-68787","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"68787","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: Fix memory leak in nr_sendmsg()\n\nsyzbot reported a memory leak [1].\n\nWhen function sock_alloc_send_skb() return NULL in nr_output(), the\noriginal skb is not freed, which was allocated in nr_sendmsg(). Fix this\nby freeing it before return.\n\n[1]\nBUG: memory leak\nunreferenced object 0xffff888129f35500 (size 240):\n  comm \"syz.0.17\", pid 6119, jiffies 4294944652\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 00 00 00 00 00 00 00 10 52 28 81 88 ff ff  ..........R(....\n  backtrace (crc 1456a3e4):\n    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]\n    slab_post_alloc_hook mm/slub.c:4983 [inline]\n    slab_alloc_node mm/slub.c:5288 [inline]\n    kmem_cache_alloc_node_noprof+0x36f/0x5e0 mm/slub.c:5340\n    __alloc_skb+0x203/0x240 net/core/skbuff.c:660\n    alloc_skb include/linux/skbuff.h:1383 [inline]\n    alloc_skb_with_frags+0x69/0x3f0 net/core/skbuff.c:6671\n    sock_alloc_send_pskb+0x379/0x3e0 net/core/sock.c:2965\n    sock_alloc_send_skb include/net/sock.h:1859 [inline]\n    nr_sendmsg+0x287/0x450 net/netrom/af_netrom.c:1105\n    sock_sendmsg_nosec net/socket.c:727 [inline]\n    __sock_sendmsg net/socket.c:742 [inline]\n    sock_write_iter+0x293/0x2a0 net/socket.c:1195\n    new_sync_write fs/read_write.c:593 [inline]\n    vfs_write+0x45d/0x710 fs/read_write.c:686\n    ksys_write+0x143/0x170 fs/read_write.c:738\n    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94\n    entry_SYSCALL_64_after_hwframe+0x77/0x7f","Type":"Description","Title":"netrom: Fix memory leak in nr_sendmsg()"}]}}}