CVE-2025-39847 – This CVE describes a memory leak vulnerability ... (How to Fix)

Q: What is the severity of CVE-2025-39847?

CVE-2025-39847 has a CVSS score of 5.5 (MEDIUM). This CVE describes a memory leak vulnerability in the Linux kernel's PPP (Point-to-Point Protocol) implementation. When the pad_compress_skb() function fails to allocate memory for compression, it doesn't properly release the original network buffer, causing a memory leak. This affects systems using PPP connections, particularly routers, VPN servers, and embedded devices.

📋 TL;DR

This CVE describes a memory leak vulnerability in the Linux kernel's PPP (Point-to-Point Protocol) implementation. When the pad_compress_skb() function fails to allocate memory for compression, it doesn't properly release the original network buffer, causing a memory leak. This affects systems using PPP connections, particularly routers, VPN servers, and embedded devices.

💻 Affected Systems

Products:

Linux kernel

Versions: Specific affected versions not specified in CVE; check kernel commit history for exact ranges

Operating Systems: Linux distributions using vulnerable kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with PPP functionality enabled and in use; many modern systems may not use PPP by default.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sustained exploitation could lead to kernel memory exhaustion, causing system instability, denial of service, or potential kernel crashes.

🟠

Likely Case

Gradual memory consumption under heavy PPP traffic, potentially leading to performance degradation or service disruption over time.

🟢

If Mitigated

Minimal impact with proper monitoring and memory limits in place; may cause occasional packet drops under memory pressure.

🌐 Internet-Facing: MEDIUM - Systems with PPP-based internet connections (PPPoE, VPNs) are exposed, but exploitation requires specific traffic patterns.

🏢 Internal Only: LOW - Internal systems using PPP for internal networking are less likely to be targeted and have more controlled traffic.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires ability to send PPP traffic to trigger the memory allocation failure path; not trivial to weaponize for immediate impact.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits 0b21e9cd4559102da798bdcba453b64ecd7be7ee and related fixes

Vendor Advisory: https://git.kernel.org/stable/c/0b21e9cd4559102da798bdcba453b64ecd7be7ee

Restart Required: No

Instructions:

1. Update Linux kernel to patched version from your distribution vendor. 2. For custom kernels, apply commits from kernel.org. 3. Recompile and deploy kernel if building from source.

🔧 Temporary Workarounds

Disable PPP compression

Linux

Prevent the vulnerable code path by disabling PPP compression features

echo 0 > /proc/sys/net/ipv4/ip_ppp_compression
sysctl -w net.ipv4.ip_ppp_compression=0

Disable PPP module

Linux

Remove PPP functionality if not required

rmmod ppp_generic
rmmod pppox
rmmod pppoe

🧯 If You Can't Patch

Implement memory usage monitoring and alerts for PPP-related processes
Restrict PPP usage to trusted networks only

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if PPP compression is enabled: cat /proc/sys/net/ipv4/ip_ppp_compression

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is patched and test PPP connections while monitoring memory usage

📡 Detection & Monitoring

Log Indicators:

Kernel OOM (Out of Memory) messages
PPP connection errors
Increasing memory usage by kernel processes

Network Indicators:

Unusual PPP traffic patterns
PPP connection failures

SIEM Query:

source="kernel" AND ("PPP" OR "ppp") AND ("memory" OR "OOM" OR "allocation failed")

📊 Metadata

CVE ID: CVE-2025-39847

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-401

EPSS Score: 0.02% exploit probability (5.1th percentile)

Published: September 19, 2025

Last Updated: January 20, 2026

🔗 References

https://git.kernel.org/stable/c/0b21e9cd4559102da798bdcba453b64ecd7be7ee Patch
https://git.kernel.org/stable/c/1d8b354eafb8876d8bdb1bef69c7d2438aacfbe8 Patch
https://git.kernel.org/stable/c/33a5bac5f14772730d2caf632ae97b6c2ee95044 Patch
https://git.kernel.org/stable/c/4844123fe0b853a4982c02666cb3fd863d701d50 Patch
https://git.kernel.org/stable/c/631fc8ab5beb9e0ec8651fb9875b9a968e7b4ae4 Patch
https://git.kernel.org/stable/c/85c1c86a67e09143aa464e9bf09c397816772348 Patch
https://git.kernel.org/stable/c/87a35a36742df328d0badf4fbc2e56061c15846c Patch
https://git.kernel.org/stable/c/9ca6a040f76c0b149293e430dabab446f3fc8ab7 Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html Third Party Advisory,Mailing List
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html Third Party Advisory,Mailing List

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-39847, you might also want to check these: