Linux Kernel Memory Leak Vulnerability in LAN743X Driver with GSO Enabled

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's LAN743X network driver when Generic Segmentation Offload (GSO) is enabled. The issue arises because the socket buffer (skb) is incorrectly mapped to the EXT descriptor instead of the LS descriptor when there are no fragments. This misallocation prevents the skb from being properly freed, leading to a memory leak.

Impact

Exploitation of this vulnerability causes a memory leak, which can degrade system performance over time by consuming available memory resources.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Memory Leak Vulnerability in LAN743X Driver with GSO Enabled

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating