Description
In the Linux kernel, the following vulnerability has been resolved: ppp: fix memory leak in pad_compress_skb If alloc_skb() fails in pad_compress_skb(), it returns NULL without releasing the old skb. The caller does: skb = pad_compress_skb(ppp, skb); if (!skb) goto drop; drop: kfree_skb(skb); When pad_compress_skb() returns NULL, the reference to the old skb is lost and kfree_skb(skb) ends up doing nothing, leading to a memory leak. Align pad_compress_skb() semantics with realloc(): only free the old skb if allocation and compression succeed. At the call site, use the new_skb variable so the original skb is not lost when pad_compress_skb() fails.
References (10)
Scores
CVSS v3
5.5
EPSS
0.0002
EPSS Percentile
3.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-401
Status
published
Products (10)
debian/debian_linux
11.0
linux/Kernel
2.6.15 - 5.4.299linux
linux/Kernel
5.11.0 - 5.15.192linux
linux/Kernel
5.16.0 - 6.1.151linux
linux/Kernel
5.5.0 - 5.10.243linux
linux/Kernel
6.13.0 - 6.16.6linux
linux/Kernel
6.2.0 - 6.6.105linux
linux/Kernel
6.7.0 - 6.12.46linux
linux/linux_kernel
6.17 rc1 (4 CPE variants)
linux/linux_kernel
2.6.15 - 5.4.299
Published
Sep 19, 2025
Tracked Since
Feb 18, 2026