CVE-2025-39847
Published: Sep 19, 2025
Modified: May 12, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: ppp: fix memory leak in pad_compress_skb If alloc_skb() fails in pad_compress_skb(), it returns NULL without releasing the old skb. The caller does: skb = pad_compress_skb(ppp, skb); if (!skb) goto drop; drop: kfree_skb(skb); When pad_compress_skb() returns NULL, the reference to the old skb is lost and kfree_skb(skb) ends up doing nothing, leading to a memory leak. Align pad_compress_skb() semantics with realloc(): only free the old skb if allocation and compression succeed. At the call site, use the new_skb variable so the original skb is not lost when pad_compress_skb() fails.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected b3f9b92a6ec1a9a5e4b4b36e484f2f62cc73277c - < 9ca6a040f76c0b149293e430dabab446f3fc8ab7affected b3f9b92a6ec1a9a5e4b4b36e484f2f62cc73277c - < 87a35a36742df328d0badf4fbc2e56061c15846caffected b3f9b92a6ec1a9a5e4b4b36e484f2f62cc73277c - < 0b21e9cd4559102da798bdcba453b64ecd7be7eeaffected b3f9b92a6ec1a9a5e4b4b36e484f2f62cc73277c - < 1d8b354eafb8876d8bdb1bef69c7d2438aacfbe8affected b3f9b92a6ec1a9a5e4b4b36e484f2f62cc73277c - < 85c1c86a67e09143aa464e9bf09c397816772348+3 more versions |
Linux | Linux | affected 2.6.15unaffected 0 - < 2.6.15unaffected 5.4.299 - <= 5.4.*unaffected 5.10.243 - <= 5.10.*unaffected 5.15.192 - <= 5.15.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now