CVE-2025-21788

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: ti: am65-cpsw: fix memleak in certain XDP cases

If the XDP program doesn't result in XDP_PASS then we leak the memory allocated by am65_cpsw_build_skb().

It is pointless to allocate SKB memory before running the XDP program as we would be wasting CPU cycles for cases other than XDP_PASS. Move the SKB allocation after evaluating the XDP program result.

This fixes the memleak. A performance boost is seen for XDP_DROP test.

XDP_DROP test: Before: 460256 rx/s 0 err/s After: 784130 rx/s 0 err/s

Affected Software

VendorProductVersion RangeStatus
LinuxLinux8acacc40f7337527ff84cd901ed2ef0a2b95b2b6 < 1bba1d042107167164a0ae3a843fdf650ab005d7affected
LinuxLinux8acacc40f7337527ff84cd901ed2ef0a2b95b2b6 < dc11f049612b9d926aca2e55f8dc9d82850d0da3affected
LinuxLinux8acacc40f7337527ff84cd901ed2ef0a2b95b2b6 < 5db843258de1e4e6b1ef1cbd1797923c9e3de548affected
LinuxLinux6.10affected
LinuxLinux0 < 6.10unaffected
LinuxLinux6.12.16 <= 6.12.*unaffected
LinuxLinux6.13.4 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References