CVE-2025-21757 in Linuxinfo

Summary

by MITRE • 02/27/2025

In the Linux kernel, the following vulnerability has been resolved:

net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels

dst_cache_get() gives us a reference, we need to release it.

Discovered by the ioam6.sh test, kmemleak was recently fixed to catch per-cpu memory leaks.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 05/25/2026

This vulnerability resides within the Linux kernel's ipv6 networking stack, specifically affecting the routing protocol implementation and segment routing mechanisms. The issue manifests in the rpl routing protocol, segment routing with ipv6 (seg6), and ipv6 input/output access methods (ioam6) lwtunnels. The root cause involves improper reference counting within the destination cache management system where the dst_cache_get() function provides a reference that fails to be properly released. This memory management oversight creates a resource leak scenario that can accumulate over time and potentially lead to system instability or denial of service conditions.

The vulnerability operates at the kernel level within the network layer processing pipeline, specifically targeting the lightweight tunneling mechanisms that handle ipv6 traffic. When these tunneling protocols process packets through the routing infrastructure, they acquire references to destination cache entries but do not subsequently release them. This creates a classic reference counting error that aligns with common software vulnerabilities classified under CWE-466. The flaw is particularly concerning because it affects core networking functionality that may be actively utilized in production environments, making it a persistent threat to system reliability.

The operational impact of this vulnerability extends beyond simple memory leaks to potentially compromise system stability and performance. When the destination cache references are not properly released, the kernel's memory management system gradually consumes resources that should be available for other network processing tasks. This can lead to progressive memory exhaustion, especially in high-throughput networking environments where these tunneling mechanisms are frequently exercised. The issue was identified through automated testing using the ioam6.sh test suite, which specifically targets ipv6 operations and has revealed the memory leak pattern that was previously masked by limitations in the kmemleak detection system.

The discovery process highlights the importance of comprehensive memory leak detection in kernel space operations, particularly with per-cpu memory allocations that can compound over time. The recent enhancement to kmemleak to better detect per-cpu memory leaks demonstrates the evolving nature of kernel security analysis tools and the ongoing challenge of identifying subtle resource management issues in complex systems. This vulnerability also relates to ATT&CK technique T1070.004, which involves the use of system monitoring tools to detect memory leaks and resource exhaustion conditions that could be exploited by adversaries to degrade system performance or availability. The fix requires ensuring that every dst_cache_get() call is paired with a corresponding release operation, typically through the use of dst_cache_put() or similar reference management functions within the same processing context.

Mitigation strategies should focus on immediate kernel updates that apply the fix for proper reference counting in the affected ipv6 tunneling mechanisms. System administrators should prioritize patching environments where these networking features are actively utilized, particularly in network infrastructure equipment, routers, and servers handling significant ipv6 traffic loads. Monitoring for memory consumption patterns and implementing automated alerting for unusual memory usage trends can help detect potential exploitation of this vulnerability. Additionally, organizations should review their network configurations to minimize exposure of unused or unnecessary ipv6 tunneling features that could present additional attack surface. The fix represents a fundamental correction to kernel memory management practices and aligns with security best practices for maintaining stable and secure network infrastructure operations.

Responsible

Linux

Reservation

12/29/2024

Disclosure

02/27/2025

Moderation

revoked

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!