CVE-2025-21788 in Linux
Summary
by MITRE • 02/27/2025
In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: ti: am65-cpsw: fix memleak in certain XDP cases
If the XDP program doesn't result in XDP_PASS then we leak the memory allocated by am65_cpsw_build_skb().
It is pointless to allocate SKB memory before running the XDP program as we would be wasting CPU cycles for cases other than XDP_PASS. Move the SKB allocation after evaluating the XDP program result.
This fixes the memleak. A performance boost is seen for XDP_DROP test.
XDP_DROP test: Before: 460256 rx/s 0 err/s After: 784130 rx/s 0 err/s
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 05/25/2026
The vulnerability identified as CVE-2025-21788 resides within the Linux kernel's network subsystem, specifically affecting the ti am65-cpsw driver used in Texas Instruments AM65x SoC platforms. This memory leak occurs in the context of XDP (eXpress Data Path) packet processing, which is a high-performance networking feature designed to accelerate packet processing by allowing userspace programs to intercept and handle packets before they reach the kernel's networking stack. The flaw manifests when XDP programs execute but do not return XDP_PASS, which represents the standard case where packets are passed through to the normal network stack for further processing. When XDP programs return other verdicts such as XDP_DROP or XDP_TX, the kernel allocates memory for socket buffers using the am65_cpsw_build_skb() function but fails to properly release this memory, creating a memory leak that accumulates over time and can eventually lead to system instability or performance degradation.
The technical root cause of this vulnerability stems from a flawed memory management approach within the XDP processing pipeline. The driver incorrectly allocates socket buffer memory before executing the XDP program, assuming that all packet processing paths will ultimately require this memory allocation. However, when XDP programs return non-PASS verdicts, the allocated memory becomes unnecessary and is never freed, creating a classic memory leak pattern. This design flaw directly violates the principle of resource management where allocated resources must be properly deallocated regardless of execution paths. The vulnerability aligns with CWE-401, which specifically addresses improper release of memory after use, and represents a failure in proper resource lifecycle management within kernel networking code. The implementation does not account for the fact that XDP programs may drop packets or redirect them elsewhere, making the pre-allocation of SKB memory wasteful and ultimately harmful.
The operational impact of this memory leak extends beyond simple resource wastage, affecting both system stability and performance metrics in production environments. When the memory leak occurs repeatedly during high packet processing loads, it can lead to progressive memory consumption that may eventually exhaust available system resources, causing system slowdowns or even kernel oops due to memory exhaustion. The performance degradation becomes particularly evident in high-throughput scenarios where XDP programs frequently process packets with non-PASS verdicts. The vulnerability demonstrates a clear performance regression pattern, as evidenced by the test results showing a dramatic improvement from 460,256 to 784,130 packets per second processed during XDP_DROP operations. This performance boost indicates that the memory leak was not only consuming system resources but also creating additional overhead through unnecessary memory allocation and deallocation cycles, which the fix resolves by reordering the allocation logic to occur only when necessary.
The mitigation strategy implemented in this fix follows established kernel development best practices for XDP memory management and aligns with the ATT&CK framework's approach to network defense through proper resource handling. The solution involves restructuring the XDP processing flow to defer socket buffer allocation until after the XDP program verdict is known, ensuring that memory is only allocated when actually needed. This approach prevents wasteful allocation of SKB memory for packets that will be dropped or redirected, thereby reducing both memory consumption and CPU overhead. The fix represents a fundamental improvement in kernel networking efficiency, particularly for high-performance networking scenarios where XDP is extensively used. It demonstrates the importance of proper resource management in kernel space, where memory leaks can have cascading effects on system performance and stability. The resolution addresses the vulnerability at its root cause rather than implementing workarounds, making it a robust solution that maintains both security and performance characteristics of the network subsystem while adhering to established kernel development practices and security standards.