Linux Kernel Out-of-Bounds Message Handling PID Leak Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's handling of out-of-band (OOB) messages via the AF_UNIX socket interface. The issue arises because the 'queue_oob()' function calls 'maybe_add_creds()', which can hold a reference to a process ID (PID). However, the socket's destructor is not properly set, leading to a situation where the PID reference is not released. This vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a memory leak, where references to process IDs are not properly released, potentially causing unreferenced object leaks.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Out-of-Bounds Message Handling PID Leak Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating