AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2025-39847: In the Linux kernel, the following vulnerability has been resolved: ppp: fix memory leak in pad_compress_skb If alloc_

mediumvulnerability

security

Source: NVD/CVE DatabaseSeptember 19, 2025CVE-2025-39847

Summary

A memory leak (wasted memory that isn't freed) occurs in the Linux kernel's PPP (Point-to-Point Protocol, a networking method) compression code when memory allocation fails. The function pad_compress_skb() returns NULL without freeing the old network packet, and the calling code then loses track of that packet, preventing it from being properly cleaned up.

Solution / Mitigation

Align pad_compress_skb() semantics with realloc() (a memory function that only frees old data if new allocation succeeds). Only free the old skb (socket buffer, a data structure holding a network packet) if allocation and compression succeed. At the call site, use the new_skb variable so the original skb is not lost when pad_compress_skb() fails.

Vulnerability Details

CVSS Score

5.5(medium)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack SophisticationModerate

Impact (CIA+S)

availability

Taxonomy References

CWE (Weakness Type)

CWE-401

Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-39847

First tracked: February 15, 2026 at 08:35 PM

Classified by LLM (prompt v3) · confidence: 95%