CVE-2025-71148

LOW EPSS 1.6%
Published Jan 23, 20265mo ago · Modified Jun 17, 20262w ago
3.3 CVSS 3.1
Low
Find Similar
Published Jan 23, 2026 5mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: net/handshake: restore destructor on submit failure handshake_req_submit() replaces sk->sk_destruct but never restores it when submission fails before the request is hashed. handshake_sk_destruct() then returns early and the original destructor never runs, leaking the socket. Restore sk_destruct on the error path.

CVSS Details

Base Score
3.3
Exploitability
1.8
Impact
1.4
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
1.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 4

VendorProductVersionRange
linuxlinux_kernel*≥6.4  –  <6.6.120
linuxlinux_kernel*≥6.7  –  <6.12.64
linuxlinux_kernel*≥6.13  –  <6.18.3
linuxlinux_kernel6.19any

References 4

  • git.kernel.org https://git.kernel.org/stable/c/6af2a01d65f89e73c1cbb9267f8880d83a88cee4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7b82a1d6ae869533d8bdb0282a3a78faed8e63dd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b225325be7b247c7268e65eea6090db1fc786d1f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cd8cf2be3717137554744233fda051ffc09d1d44
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/6af2a01d65f89e73c1cbb9267f8880d83a88cee4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7b82a1d6ae869533d8bdb0282a3a78faed8e63dd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b225325be7b247c7268e65eea6090db1fc786d1f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cd8cf2be3717137554744233fda051ffc09d1d44
    Patch