CVE-2025-71148 PUBLISHED

net/handshake: restore destructor on submit failure

Assigner: Linux
Reserved: 13.01.2026 Published: 23.01.2026 Updated: 23.01.2026

In the Linux kernel, the following vulnerability has been resolved:

net/handshake: restore destructor on submit failure

handshake_req_submit() replaces sk->sk_destruct but never restores it when submission fails before the request is hashed. handshake_sk_destruct() then returns early and the original destructor never runs, leaking the socket. Restore sk_destruct on the error path.

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from 3b3009ea8abb713b022d94fba95ec270cf6e7eae to cd8cf2be3717137554744233fda051ffc09d1d44 (excl.) affected from 3b3009ea8abb713b022d94fba95ec270cf6e7eae to 7b82a1d6ae869533d8bdb0282a3a78faed8e63dd (excl.) affected from 3b3009ea8abb713b022d94fba95ec270cf6e7eae to b225325be7b247c7268e65eea6090db1fc786d1f (excl.) affected from 3b3009ea8abb713b022d94fba95ec270cf6e7eae to 6af2a01d65f89e73c1cbb9267f8880d83a88cee4 (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 6.4 is affected unaffected from 0 to 6.4 (excl.) unaffected from 6.6.120 to 6.6.* (incl.) unaffected from 6.12.64 to 6.12.* (incl.) unaffected from 6.18.3 to 6.18.* (incl.) unaffected from 6.19-rc2 to * (incl.)

CVE-2025-71148 PUBLISHED

net/handshake: restore destructor on submit failure

Product Status

References