Volerion logoVolerion
Volerion logoVolerion

Linux Kernel Refcount Leak Vulnerability in XFRM Policy Migration

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's XFRM (IPsec) policy management. This issue arises from a double reference count increment in the policy migration function, which leads to an unreferenced object and a memory leak. The vulnerability affects the stable versions of the Linux kernel.

Impact

Exploitation of this vulnerability causes a memory leak, where allocated memory is not properly released, leading to increased memory usage and potential exhaustion of system resources.

Reproduction

The vulnerability can be reproduced by invoking the XFRM policy migration function, which will trigger the double reference count increment. This can be done using a tool like Syzkaller, which reported the issue.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been fixed.

Added: May 6, 2026, 10:51 AM
Updated: May 6, 2026, 10:51 AM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
0.6
exploitability
4.3
remediation
7.7
relevance
7.6
threat
4.8
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.