CVE-2025-71148
LOW EPSS 1.6%
Published Jan 23, 20265mo ago · Modified Jun 17, 20262w ago
3.3 CVSS 3.1
Published Jan 23, 2026 5mo ago
Last Modified Jun 17, 2026 2w ago
Description
In the Linux kernel, the following vulnerability has been resolved: net/handshake: restore destructor on submit failure handshake_req_submit() replaces sk->sk_destruct but never restores it when submission fails before the request is hashed. handshake_sk_destruct() then returns early and the original destructor never runs, leaking the socket. Restore sk_destruct on the error path.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity None
Availability None
Threat Intelligence
EPSS Exploit Probability
1.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 4
References 4
- git.kernel.org https://git.kernel.org/stable/c/6af2a01d65f89e73c1cbb9267f8880d83a88cee4
- git.kernel.org https://git.kernel.org/stable/c/7b82a1d6ae869533d8bdb0282a3a78faed8e63dd
- git.kernel.org https://git.kernel.org/stable/c/b225325be7b247c7268e65eea6090db1fc786d1f
- git.kernel.org https://git.kernel.org/stable/c/cd8cf2be3717137554744233fda051ffc09d1d44
Remediation
- git.kernel.org https://git.kernel.org/stable/c/6af2a01d65f89e73c1cbb9267f8880d83a88cee4
- git.kernel.org https://git.kernel.org/stable/c/7b82a1d6ae869533d8bdb0282a3a78faed8e63dd
- git.kernel.org https://git.kernel.org/stable/c/b225325be7b247c7268e65eea6090db1fc786d1f
- git.kernel.org https://git.kernel.org/stable/c/cd8cf2be3717137554744233fda051ffc09d1d44