Linux Kernel Memory Leak Vulnerability in BPF Verifier

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's BPF verifier. The issue arises during array reallocation for stack state management. When an error occurs and NULL is returned by the krealloc() function, the original allocation pointer is not updated, leading to a resource leak. This vulnerability affects several Linux kernel versions.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly freed, causing an unreferenced object to remain in memory.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Memory Leak Vulnerability in BPF Verifier

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating