CVE-2025-39913
📋 TL;DR
A memory management vulnerability in the Linux kernel's TCP BPF subsystem: when memory allocation for corked data fails, socket resources are not properly cleaned up, leading to a use-after-free condition. This affects systems using SOCKMAP with BPF programs that call bpf_msg_cork_bytes().
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially allowing privilege escalation if combined with other vulnerabilities.
Likely Case
System crash or kernel panic causing denial of service on affected systems.
If Mitigated
No impact if the vulnerable code path isn't triggered (requires specific BPF program configuration).
🎯 Exploit Status
Exploitation requires specific BPF program configuration and memory allocation failure conditions. Found via syzbot fuzzing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with commits: 05366527f44c, 08f58d10f5ab, 539920180c55, 66bcb04a441f, 7429b8b9bfbc
Vendor Advisory: https://git.kernel.org/stable/c/05366527f44cf4b884f3d9462ae8009be9665856
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version
2. Reboot system
3. Verify kernel version matches patched release
🔧 Temporary Workarounds
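Disable BPF SOCKMAP functionality
Prevent use of the vulnerable code path by disabling SOCKMAP BPF programs:
sysctl -w net.core.bpf_jit_enable=0
This sysctl switches off the BPF JIT compiler only; it does not detach SOCKMAP programs, so the programs themselves must also be removed:
Remove or disable BPF programs using bpf_msg_cork_bytes()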
🧯 If You Can't Patch
- Disable BPF programs using bpf_msg_cork_bytes() function
- Implement memory pressure monitoring and alerting to detect conditions that could trigger the vulnerability
🔍 How to Verify
Check if Vulnerable:
Check if system has BPF programs using bpf_msg_cork_bytes() attached to SOCKMAP:
bpftool prog list | grep -i cork
Check Version:
uname -r
Verify Fix Applied:
Check kernel version against patched releases and verify no kernel panics occur during memory pressure tests with BPF programs
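`bpftool prog list` prints each program's type and name, not the helpers it calls, so `grep -i cork` only matches programs whose name contains "cork". This added example (not from the original page or the kernel project) instead keeps the `sk_msg` programs from `bpftool -j prog show` output and searches each one's `bpftool prog dump xlated id <ID>` text for the helper call. The JSON and dump samples are constructed, and it assumes bpftool can resolve helper names in the xlated dump.

```python
import json
import re

# Constructed sample of `bpftool -j prog show` output (ids, names and tags are made up).
SAMPLE_PROG_JSON = """[
  {"id": 41, "type": "cgroup_skb", "name": "egress_filter", "tag": "aaaaaaaaaaaaaaaa"},
  {"id": 57, "type": "sk_msg", "name": "redir_verdict", "tag": "bbbbbbbbbbbbbbbb"},
  {"id": 58, "type": "sk_skb", "name": "stream_parser", "tag": "cccccccccccccccc"},
  {"id": 63, "type": "sk_msg", "name": "batch_sends", "tag": "dddddddddddddddd"}
]"""

# Constructed `bpftool prog dump xlated id <ID>` excerpts, keyed by program id.
SAMPLE_XLATED = {
    57: "   0: (b7) r0 = 1\n   1: (95) exit\n",
    63: ("   0: (bf) r6 = r1\n   1: (b7) r2 = 4096\n"
         "   2: (85) call bpf_msg_cork_bytes#123456\n"
         "   3: (b7) r0 = 1\n   4: (95) exit\n"),
}

# Assumption: helper calls appear as "call <helper_name>#<n>" in the xlated dump.
CORK_CALL = re.compile(r"\bcall\s+bpf_msg_cork_bytes\b")

def sk_msg_programs(prog_json):
    """Return (id, name) for every loaded program of type sk_msg."""
    progs = json.loads(prog_json)
    return [(p["id"], p.get("name", "")) for p in progs if p.get("type") == "sk_msg"]

def calls_cork_helper(xlated_text):
    """True if a translated-instruction dump contains a call to the cork helper."""
    return any(CORK_CALL.search(line) for line in xlated_text.splitlines())

def exposed_programs(prog_json, xlated_by_id):
    """Classify sk_msg programs as 'cork', 'no-cork', or 'unknown' (no dump supplied)."""
    report = {}
    for prog_id, name in sk_msg_programs(prog_json):
        dump = xlated_by_id.get(prog_id)
        if dump is None:
            report[prog_id] = (name, "unknown")
        else:
            report[prog_id] = (name, "cork" if calls_cork_helper(dump) else "no-cork")
    return report

if __name__ == "__main__":
    for prog_id, (name, status) in exposed_programs(SAMPLE_PROG_JSON, SAMPLE_XLATED).items():
        print(f"id={prog_id} name={name} status={status}")
```

In the sample, program 63 calls the helper although its name does not contain "cork", which is the case the name-based grep misses.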
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs mentioning inet_sock_destruct
- Warnings about memory allocation failures in TCP BPF context
- System crash/reboot events
Network Indicators:
- Sudden termination of TCP connections using BPF acceleration
SIEM Query:
event.category:kernel AND (message:*inet_sock_destruct* OR (message:*tcp_bpf* AND message:*allocation*failed*))
🔗 References
- https://git.kernel.org/stable/c/05366527f44cf4b884f3d9462ae8009be9665856
- https://git.kernel.org/stable/c/08f58d10f5abf11d297cc910754922498c921f91
- https://git.kernel.org/stable/c/539920180c55f5e13a2488a2339f94e6b8cb69e0
- https://git.kernel.org/stable/c/66bcb04a441fbf15d66834b7e3eefb313dd750c8
- https://git.kernel.org/stable/c/7429b8b9bfbc276fd304fbaebc405f46b421fedf
- https://git.kernel.org/stable/c/9c2a6456bdf9794474460d885c359b6c4522d6e3
- https://git.kernel.org/stable/c/a3967baad4d533dc254c31e0d221e51c8d223d58
- https://git.kernel.org/stable/c/de89e58368f8f07df005ecc1c86ad94898a999f2
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html