{"id":"CVE-2025-39847","summary":"ppp: fix memory leak in pad_compress_skb","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nppp: fix memory leak in pad_compress_skb\n\nIf alloc_skb() fails in pad_compress_skb(), it returns NULL without\nreleasing the old skb. The caller does:\n\n    skb = pad_compress_skb(ppp, skb);\n    if (!skb)\n        goto drop;\n\ndrop:\n    kfree_skb(skb);\n\nWhen pad_compress_skb() returns NULL, the reference to the old skb is\nlost and kfree_skb(skb) ends up doing nothing, leading to a memory leak.\n\nAlign pad_compress_skb() semantics with realloc(): only free the old\nskb if allocation and compression succeed.  At the call site, use the\nnew_skb variable so the original skb is not lost when pad_compress_skb()\nfails.","modified":"2026-03-20T12:43:04.536520Z","published":"2025-09-19T15:26:20.648Z","related":["SUSE-SU-2025:03600-1","SUSE-SU-2025:03614-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:20851-1","SUSE-SU-2025:20861-1","SUSE-SU-2025:20870-1","SUSE-SU-2025:20898-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","SUSE-SU-2025:3751-1","SUSE-SU-2025:4057-1","SUSE-SU-2025:4132-1","SUSE-SU-2025:4141-1","openSUSE-SU-2025:20081-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39847.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0b21e9cd4559102da798bdcba453b64ecd7be7ee"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1d8b354eafb8876d8bdb1bef69c7d2438aacfbe8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/33a5bac5f14772730d2caf632ae97b6c2ee95044"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4844123fe0b853a4982c02666cb3fd863d701d50"},{"type":"WEB","url":"https://git.kernel.org/stable/c/631fc8ab5beb9e0ec8651fb9875b9a968e7b4ae4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/85c1c86a67e09143aa464e9bf09c397816772348"},{"type":"WEB","url":"https://git.kernel.org/stable/c/87a35a36742df328d0badf4fbc2e56061c15846c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9ca6a040f76c0b149293e430dabab446f3fc8ab7"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39847.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39847"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"b3f9b92a6ec1a9a5e4b4b36e484f2f62cc73277c"},{"fixed":"9ca6a040f76c0b149293e430dabab446f3fc8ab7"},{"fixed":"87a35a36742df328d0badf4fbc2e56061c15846c"},{"fixed":"0b21e9cd4559102da798bdcba453b64ecd7be7ee"},{"fixed":"1d8b354eafb8876d8bdb1bef69c7d2438aacfbe8"},{"fixed":"85c1c86a67e09143aa464e9bf09c397816772348"},{"fixed":"631fc8ab5beb9e0ec8651fb9875b9a968e7b4ae4"},{"fixed":"33a5bac5f14772730d2caf632ae97b6c2ee95044"},{"fixed":"4844123fe0b853a4982c02666cb3fd863d701d50"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39847.json"}}],"schema_version":"1.7.5"}