Linux Kernel Refcount Leak Vulnerability in xfrm Policy Check

Vulnerability

A refcount leak vulnerability has been identified in the Linux kernel's xfrm policy management. The issue arises in the __xfrm_policy_check() function, where an error in fetching a specific policy object leads to a failure to properly decrement the reference count of another policy object. This oversight can cause memory leaks. The vulnerability has been addressed by ensuring the reference count is correctly managed, even when errors occur.

Impact

Exploitation of this vulnerability can lead to memory leaks, potentially causing degradation of system performance or stability.

Added: Jun 18, 2025, 8:24 PM

Updated: Jun 18, 2025, 8:24 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.3

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.3

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Refcount Leak Vulnerability in xfrm Policy Check

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating