5.5
MEDIUM
CVE-2025-21683
Linux Kernel bpf SO_ATTACH_REUSEPORT_EBPF Memory Leak Vulnerability
Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpf_sk_select_reuseport() memory leak As pointed out in the original comment, lookup in sockmap can return a TCP ESTABLISHED socket. Such TCP socket may have had SO_ATTACH_REUSEPORT_EBPF set before it was ESTABLISHED. In other words, a non-NULL sk_reuseport_cb does not imply a non-refcounted socket. Drop sk's reference in both error paths. unreferenced object 0xffff888101911800 (size 2048): comm "test_progs", pid 44109, jiffies 4297131437 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 80 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 9336483b): __kmalloc_noprof+0x3bf/0x560 __reuseport_alloc+0x1d/0x40 reuseport_alloc+0xca/0x150 reuseport_attach_prog+0x87/0x140 sk_reuseport_attach_bpf+0xc8/0x100 sk_setsockopt+0x1181/0x1990 do_sock_setsockopt+0x12b/0x160 __sys_setsockopt+0x7b/0xc0 __x64_sys_setsockopt+0x1b/0x30 do_syscall_64+0x93/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e

INFO

Published Date :

Jan. 31, 2025, 12:15 p.m.

Last Modified :

Feb. 3, 2025, 8:01 p.m.

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Remotely Exploitable :

No

Impact Score :

3.6

Exploitability Score :

1.8
Public PoC/Exploit Available at Github

CVE-2025-21683 has a 1 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2025-21683 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-21683.

URL Resource
https://git.kernel.org/stable/c/0ab52a8ca6e156a64c51b5e7456cac9a0ebfd9bf Patch
https://git.kernel.org/stable/c/b02e70be498b138e9c21701c2f33f4018ca7cd5e Patch
https://git.kernel.org/stable/c/b3af60928ab9129befa65e6df0310d27300942bf Patch
https://git.kernel.org/stable/c/bb36838dac7bb334a3f3d7eb29875593ec9473fc Patch
https://git.kernel.org/stable/c/cccd51dd22574216e64e5d205489e634f86999f3 Patch
https://git.kernel.org/stable/c/d0a3b3d1176d39218b8edb2a2d03164942ab9ccd Patch

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
w4zu/Debian_security

DSA and DLA for Debian last 14 days

Python

Updated: 1 month ago
0 stars 0 fork 0 watcher
Born at : Feb. 12, 2025, 2:08 p.m. This repo has been linked 125 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-21683 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2025-21683 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Feb. 03, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Added CWE NIST CWE-401
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.8 up to (excluding) 5.15.177 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.127 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.74 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.12.11 *cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.13:rc7:*:*:*:*:*:*
    Changed Reference Type https://git.kernel.org/stable/c/0ab52a8ca6e156a64c51b5e7456cac9a0ebfd9bf No Types Assigned https://git.kernel.org/stable/c/0ab52a8ca6e156a64c51b5e7456cac9a0ebfd9bf Patch
    Changed Reference Type https://git.kernel.org/stable/c/b02e70be498b138e9c21701c2f33f4018ca7cd5e No Types Assigned https://git.kernel.org/stable/c/b02e70be498b138e9c21701c2f33f4018ca7cd5e Patch
    Changed Reference Type https://git.kernel.org/stable/c/b3af60928ab9129befa65e6df0310d27300942bf No Types Assigned https://git.kernel.org/stable/c/b3af60928ab9129befa65e6df0310d27300942bf Patch
    Changed Reference Type https://git.kernel.org/stable/c/bb36838dac7bb334a3f3d7eb29875593ec9473fc No Types Assigned https://git.kernel.org/stable/c/bb36838dac7bb334a3f3d7eb29875593ec9473fc Patch
    Changed Reference Type https://git.kernel.org/stable/c/cccd51dd22574216e64e5d205489e634f86999f3 No Types Assigned https://git.kernel.org/stable/c/cccd51dd22574216e64e5d205489e634f86999f3 Patch
    Changed Reference Type https://git.kernel.org/stable/c/d0a3b3d1176d39218b8edb2a2d03164942ab9ccd No Types Assigned https://git.kernel.org/stable/c/d0a3b3d1176d39218b8edb2a2d03164942ab9ccd Patch
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Feb. 02, 2025

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/bb36838dac7bb334a3f3d7eb29875593ec9473fc
  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Jan. 31, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpf_sk_select_reuseport() memory leak As pointed out in the original comment, lookup in sockmap can return a TCP ESTABLISHED socket. Such TCP socket may have had SO_ATTACH_REUSEPORT_EBPF set before it was ESTABLISHED. In other words, a non-NULL sk_reuseport_cb does not imply a non-refcounted socket. Drop sk's reference in both error paths. unreferenced object 0xffff888101911800 (size 2048): comm "test_progs", pid 44109, jiffies 4297131437 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 80 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 9336483b): __kmalloc_noprof+0x3bf/0x560 __reuseport_alloc+0x1d/0x40 reuseport_alloc+0xca/0x150 reuseport_attach_prog+0x87/0x140 sk_reuseport_attach_bpf+0xc8/0x100 sk_setsockopt+0x1181/0x1990 do_sock_setsockopt+0x12b/0x160 __sys_setsockopt+0x7b/0xc0 __x64_sys_setsockopt+0x1b/0x30 do_syscall_64+0x93/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e
    Added Reference https://git.kernel.org/stable/c/0ab52a8ca6e156a64c51b5e7456cac9a0ebfd9bf
    Added Reference https://git.kernel.org/stable/c/b02e70be498b138e9c21701c2f33f4018ca7cd5e
    Added Reference https://git.kernel.org/stable/c/b3af60928ab9129befa65e6df0310d27300942bf
    Added Reference https://git.kernel.org/stable/c/cccd51dd22574216e64e5d205489e634f86999f3
    Added Reference https://git.kernel.org/stable/c/d0a3b3d1176d39218b8edb2a2d03164942ab9ccd
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-21683 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-21683 weaknesses.

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
: