{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-14T23:43:27.009","vulnerabilities":[{"cve":{"id":"CVE-2025-21683","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-01-31T12:15:29.460","lastModified":"2025-11-03T21:19:06.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix bpf_sk_select_reuseport() memory leak\n\nAs pointed out in the original comment, lookup in sockmap can return a TCP\nESTABLISHED socket. Such TCP socket may have had SO_ATTACH_REUSEPORT_EBPF\nset before it was ESTABLISHED. In other words, a non-NULL sk_reuseport_cb\ndoes not imply a non-refcounted socket.\n\nDrop sk's reference in both error paths.\n\nunreferenced object 0xffff888101911800 (size 2048):\n  comm \"test_progs\", pid 44109, jiffies 4297131437\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    80 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace (crc 9336483b):\n    __kmalloc_noprof+0x3bf\/0x560\n    __reuseport_alloc+0x1d\/0x40\n    reuseport_alloc+0xca\/0x150\n    reuseport_attach_prog+0x87\/0x140\n    sk_reuseport_attach_bpf+0xc8\/0x100\n    sk_setsockopt+0x1181\/0x1990\n    do_sock_setsockopt+0x12b\/0x160\n    __sys_setsockopt+0x7b\/0xc0\n    __x64_sys_setsockopt+0x1b\/0x30\n    do_syscall_64+0x93\/0x180\n    entry_SYSCALL_64_after_hwframe+0x76\/0x7e"},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: Se solucionó la pérdida de memoria de bpf_sk_select_reuseport() Como se señaló en el comentario original, la búsqueda en sockmap puede devolver un socket TCP ESTABLISHED. Es posible que dicho socket TCP haya tenido SO_ATTACH_REUSEPORT_EBPF configurado antes de que se estableciera. En otras palabras, un sk_reuseport_cb que no sea NULL no implica un socket sin referencia. Elimine la referencia de sk en ambas rutas de error. objeto sin referencia 0xffff888101911800 (tamaño 2048): comm \"test_progs\", pid 44109, jiffies 4297131437 volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 80 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ seguimiento inverso (crc 9336483b): __kmalloc_noprof+0x3bf\/0x560 __reuseport_alloc+0x1d\/0x40 reuseport_alloc+0xca\/0x150 reuseport_attach_prog+0x87\/0x140 sk_reuseport_attach_bpf+0xc8\/0x100 sk_setsockopt+0x1181\/0x1990 do_sock_setsockopt+0x12b\/0x160 __sys_setsockopt+0x7b\/0xc0 __x64_sys_setsockopt+0x1b\/0x30 do_syscall_64+0x93\/0x180 entrada_SYSCALL_64_después_hwframe+0x76\/0x7e"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8","versionEndExcluding":"5.15.177","matchCriteriaId":"CADC1330-CBF0-4968-9FBE-484E2128B8C5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.127","matchCriteriaId":"A3538C88-E91E-4A62-8415-2EA2F03EAAE3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.74","matchCriteriaId":"38B2F4A9-C656-4A97-8718-D27E6BDFD82A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.11","matchCriteriaId":"B7D0DBC3-F63C-4396-8A47-6F3D4FA0556E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*","matchCriteriaId":"62567B3C-6CEE-46D0-BC2E-B3717FBF7D13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*","matchCriteriaId":"5A073481-106D-4B15-B4C7-FB0213B8E1D4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*","matchCriteriaId":"DE491969-75AE-4A6B-9A58-8FC5AF98798F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*","matchCriteriaId":"93C0660D-7FB8-4FBA-892A-B064BA71E49E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*","matchCriteriaId":"034C36A6-C481-41F3-AE9A-D116E5BE6895"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*","matchCriteriaId":"8AF9DC49-2085-4FFB-A7E3-73DFAFECC7F2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:rc7:*:*:*:*:*:*","matchCriteriaId":"5DFCDFB8-4FD0-465A-9076-D813D78FE51B"}]}]}],"references":[{"url":"https:\/\/git.kernel.org\/stable\/c\/0ab52a8ca6e156a64c51b5e7456cac9a0ebfd9bf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/b02e70be498b138e9c21701c2f33f4018ca7cd5e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/b3af60928ab9129befa65e6df0310d27300942bf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/bb36838dac7bb334a3f3d7eb29875593ec9473fc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/cccd51dd22574216e64e5d205489e634f86999f3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/d0a3b3d1176d39218b8edb2a2d03164942ab9ccd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/lists.debian.org\/debian-lts-announce\/2025\/03\/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https:\/\/lists.debian.org\/debian-lts-announce\/2025\/03\/msg00002.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}