CVE Catalog

CVE-2025-37909

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

6th percentile - higher than 6% of all known CVEs

Summary

A memory leak was found in the Linux kernel's lan743x driver. When GSO is enabled and the fragment count is zero, the skb is mapped to the EXT descriptor instead of the LS descriptor, preventing its deallocation.

Risk Assessment

This memory leak can gradually exhaust system resources, potentially leading to system crashes or network service failures.

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit in the net branch). If updating is not possible, consider disabling GSO on lan743x interfaces.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: net: lan743x: Fix memleak issue when GSO enabled Always map the `skb` to the LS descriptor. Previously skb was mapped to EXT descriptor when the number of fragments is zero with GSO enabled. Mapping the skb to EXT descriptor prevents it from being freed, leading to a memory leak

Vulnerability data from NVD (NIST) · CISA KEV · EPSS