CVE-2025-22005

Summary

CVE-2025-22005 is a vulnerability affecting the Linux kernel that involves a memory leak in the ipv6 subsystem. Specifically, in the function fib_check_nh_v6_gw(), a memory leak occurs when fib6_nh_init() fails to clean up nhc_pcpu_rth_output. This issue arises due to a commit that moved fib_nh_common_init() before alloc_percpu_gfp() within fib6_nh_init(). Consequently, upon failure to allocate fib6_nh->rt6i_pcpu, the memory allocated for nhc_pcpu_rth_output is not released, leading to a memory leak. To mitigate this issue, fib_nh_common_release() should be called and nhc_pcpu_rth_output should be cleared in the error path. It is also noted that fib6_nh_release() can be removed from nh_create_ipv6() later in net-next.git.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.