Fixed
Created: Oct 22, 2025
Updated: Oct 26, 2025
Resolved Date: Oct 26, 2025
Found In Version: 10.22.33.1
Fix Version: 10.22.33.3
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:[EOL][EOL]xfrm: Update ipcomp_scratches with NULL when freed[EOL][EOL]Currently if ipcomp_alloc_scratches() fails to allocate memory[EOL]ipcomp_scratches holds obsolete address. So when we try to free the[EOL]percpu scratches using ipcomp_free_scratches() it tries to vfree non[EOL]existent vm area. Described below:[EOL][EOL]static void * __percpu *ipcomp_alloc_scratches(void)[EOL]{[EOL] ...[EOL] scratches = alloc_percpu(void *);[EOL] if (!scratches)[EOL] return NULL;[EOL]ipcomp_scratches does not know about this allocation failure.[EOL]Therefore holding the old obsolete address.[EOL] ...[EOL]}[EOL][EOL]So when we free,[EOL][EOL]static void ipcomp_free_scratches(void)[EOL]{[EOL] ...[EOL] scratches = ipcomp_scratches;[EOL]Assigning obsolete address from ipcomp_scratches[EOL][EOL] if (!scratches)[EOL] return;[EOL][EOL] for_each_possible_cpu(i)[EOL] vfree(*per_cpu_ptr(scratches, i));[EOL]Trying to free non existent page, causing warning: trying to vfree[EOL]existent vm area.[EOL] ...[EOL]}[EOL][EOL]Fix this breakage by updating ipcomp_scrtches with NULL when scratches[EOL]is freed
