Wind River Support Network

Acknowledged

LIN1023-13724 : Security Advisory - linux - CVE-2025-38097

Created: Jul 3, 2025    Updated: Jul 8, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

espintcp: remove encap socket caching to avoid reference leak

The current scheme for caching the encap socket can lead to reference leaks when we try to delete the netns.

The reference chain is: xfrm_state -> enacp_sk -> netns

Since the encap socket is a userspace socket, it holds a reference on the netns. If we delete the espintcp state (through flush or individual delete) before removing the netns, the reference on the socket is dropped and the netns is correctly deleted. Otherwise, the netns may not be reachable anymore (if all processes within the ns have terminated), so we cannot delete the xfrm state to drop its reference on the socket.

This patch results in a small (~2% in my tests) performance regression.

A GC-type mechanism could be added for the socket cache, to clear references if the state hasn't been used "recently", but it's a lot more complex than just not caching the socket.

CREATE(Triage):(User=lchen-cn) [CVE-2025-38097 (https://nvd.nist.gov/vuln/detail/CVE-2025-38097)