CVE-2025-37909
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk6th percentile - higher than 6% of all known CVEs
Summary
A memory leak was found in the Linux kernel's lan743x driver. When GSO is enabled and the fragment count is zero, the skb is mapped to the EXT descriptor instead of the LS descriptor, preventing its deallocation.
Risk Assessment
This memory leak can gradually exhaust system resources, potentially leading to system crashes or network service failures.
Recommendation
Immediately update the Linux kernel to a version containing the fix (commit in the net branch). If updating is not possible, consider disabling GSO on lan743x interfaces.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: net: lan743x: Fix memleak issue when GSO enabled Always map the `skb` to the LS descriptor. Previously skb was mapped to EXT descriptor when the number of fragments is zero with GSO enabled. Mapping the skb to EXT descriptor prevents it from being freed, leading to a memory leak

