Linux Kernel BPF Sockmap Double Uncharge Vulnerability in Memory Management

Vulnerability

A vulnerability in the Linux kernel's BPF sockmap implementation can lead to improper memory management. During the teardown of a socket, the memory associated with sk_msg can be double uncharged, potentially allowing for use-after-free conditions. This issue arises when tcp_bpf_sendmsg is called while a socket is being torn down, leading to sk_msg_return uncharging the message memory, followed by sk_msg_free, creating a risk of freeing memory that is still in use.

Impact

Exploitation of this vulnerability can cause memory corruption issues, such as use-after-free vulnerabilities, which could be exploited to execute arbitrary code or cause a denial-of-service condition.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel BPF Sockmap Double Uncharge Vulnerability in Memory Management

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating