{"id":"CVE-2025-21683","summary":"bpf: Fix bpf_sk_select_reuseport() memory leak","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix bpf_sk_select_reuseport() memory leak\n\nAs pointed out in the original comment, lookup in sockmap can return a TCP\nESTABLISHED socket. Such TCP socket may have had SO_ATTACH_REUSEPORT_EBPF\nset before it was ESTABLISHED. In other words, a non-NULL sk_reuseport_cb\ndoes not imply a non-refcounted socket.\n\nDrop sk's reference in both error paths.\n\nunreferenced object 0xffff888101911800 (size 2048):\n  comm \"test_progs\", pid 44109, jiffies 4297131437\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    80 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace (crc 9336483b):\n    __kmalloc_noprof+0x3bf/0x560\n    __reuseport_alloc+0x1d/0x40\n    reuseport_alloc+0xca/0x150\n    reuseport_attach_prog+0x87/0x140\n    sk_reuseport_attach_bpf+0xc8/0x100\n    sk_setsockopt+0x1181/0x1990\n    do_sock_setsockopt+0x12b/0x160\n    __sys_setsockopt+0x7b/0xc0\n    __x64_sys_setsockopt+0x1b/0x30\n    do_syscall_64+0x93/0x180\n    entry_SYSCALL_64_after_hwframe+0x76/0x7e","modified":"2026-04-02T12:35:19.766100Z","published":"2025-01-31T11:25:42.903Z","related":["SUSE-SU-2025:01614-1","SUSE-SU-2025:01707-1","SUSE-SU-2025:01919-1","SUSE-SU-2025:01951-1","SUSE-SU-2025:01964-1","SUSE-SU-2025:01967-1","SUSE-SU-2025:01972-1","SUSE-SU-2025:20343-1","SUSE-SU-2025:20344-1","SUSE-SU-2025:20354-1","SUSE-SU-2025:20355-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21683.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0ab52a8ca6e156a64c51b5e7456cac9a0ebfd9bf"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b02e70be498b138e9c21701c2f33f4018ca7cd5e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b3af60928ab9129befa65e6df0310d27300942bf"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bb36838dac7bb334a3f3d7eb29875593ec9473fc"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cccd51dd22574216e64e5d205489e634f86999f3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d0a3b3d1176d39218b8edb2a2d03164942ab9ccd"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21683.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-21683"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"64d85290d79c0677edb5a8ee2295b36c022fa5df"},{"fixed":"bb36838dac7bb334a3f3d7eb29875593ec9473fc"},{"fixed":"0ab52a8ca6e156a64c51b5e7456cac9a0ebfd9bf"},{"fixed":"d0a3b3d1176d39218b8edb2a2d03164942ab9ccd"},{"fixed":"b02e70be498b138e9c21701c2f33f4018ca7cd5e"},{"fixed":"cccd51dd22574216e64e5d205489e634f86999f3"},{"fixed":"b3af60928ab9129befa65e6df0310d27300942bf"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-21683.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}