{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-39847","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T07:20:57.141Z","datePublished":"2025-09-19T15:26:20.648Z","dateUpdated":"2026-05-12T12:07:35.941Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:37:35.647Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nppp: fix memory leak in pad_compress_skb\n\nIf alloc_skb() fails in pad_compress_skb(), it returns NULL without\nreleasing the old skb. The caller does:\n\n    skb = pad_compress_skb(ppp, skb);\n    if (!skb)\n        goto drop;\n\ndrop:\n    kfree_skb(skb);\n\nWhen pad_compress_skb() returns NULL, the reference to the old skb is\nlost and kfree_skb(skb) ends up doing nothing, leading to a memory leak.\n\nAlign pad_compress_skb() semantics with realloc(): only free the old\nskb if allocation and compression succeed.  At the call site, use the\nnew_skb variable so the original skb is not lost when pad_compress_skb()\nfails."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ppp/ppp_generic.c"],"versions":[{"version":"b3f9b92a6ec1a9a5e4b4b36e484f2f62cc73277c","lessThan":"9ca6a040f76c0b149293e430dabab446f3fc8ab7","status":"affected","versionType":"git"},{"version":"b3f9b92a6ec1a9a5e4b4b36e484f2f62cc73277c","lessThan":"87a35a36742df328d0badf4fbc2e56061c15846c","status":"affected","versionType":"git"},{"version":"b3f9b92a6ec1a9a5e4b4b36e484f2f62cc73277c","lessThan":"0b21e9cd4559102da798bdcba453b64ecd7be7ee","status":"affected","versionType":"git"},{"version":"b3f9b92a6ec1a9a5e4b4b36e484f2f62cc73277c","lessThan":"1d8b354eafb8876d8bdb1bef69c7d2438aacfbe8","status":"affected","versionType":"git"},{"version":"b3f9b92a6ec1a9a5e4b4b36e484f2f62cc73277c","lessThan":"85c1c86a67e09143aa464e9bf09c397816772348","status":"affected","versionType":"git"},{"version":"b3f9b92a6ec1a9a5e4b4b36e484f2f62cc73277c","lessThan":"631fc8ab5beb9e0ec8651fb9875b9a968e7b4ae4","status":"affected","versionType":"git"},{"version":"b3f9b92a6ec1a9a5e4b4b36e484f2f62cc73277c","lessThan":"33a5bac5f14772730d2caf632ae97b6c2ee95044","status":"affected","versionType":"git"},{"version":"b3f9b92a6ec1a9a5e4b4b36e484f2f62cc73277c","lessThan":"4844123fe0b853a4982c02666cb3fd863d701d50","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ppp/ppp_generic.c"],"versions":[{"version":"2.6.15","status":"affected"},{"version":"0","lessThan":"2.6.15","status":"unaffected","versionType":"semver"},{"version":"5.4.299","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.243","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.192","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.151","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.105","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.46","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.16.6","lessThanOrEqual":"6.16.*","status":"unaffected","versionType":"semver"},{"version":"6.17","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.15","versionEndExcluding":"5.4.299"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.15","versionEndExcluding":"5.10.243"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.15","versionEndExcluding":"5.15.192"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.15","versionEndExcluding":"6.1.151"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.15","versionEndExcluding":"6.6.105"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.15","versionEndExcluding":"6.12.46"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.15","versionEndExcluding":"6.16.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.15","versionEndExcluding":"6.17"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/9ca6a040f76c0b149293e430dabab446f3fc8ab7"},{"url":"https://git.kernel.org/stable/c/87a35a36742df328d0badf4fbc2e56061c15846c"},{"url":"https://git.kernel.org/stable/c/0b21e9cd4559102da798bdcba453b64ecd7be7ee"},{"url":"https://git.kernel.org/stable/c/1d8b354eafb8876d8bdb1bef69c7d2438aacfbe8"},{"url":"https://git.kernel.org/stable/c/85c1c86a67e09143aa464e9bf09c397816772348"},{"url":"https://git.kernel.org/stable/c/631fc8ab5beb9e0ec8651fb9875b9a968e7b4ae4"},{"url":"https://git.kernel.org/stable/c/33a5bac5f14772730d2caf632ae97b6c2ee95044"},{"url":"https://git.kernel.org/stable/c/4844123fe0b853a4982c02666cb3fd863d701d50"}],"title":"ppp: fix memory leak in pad_compress_skb","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T17:44:04.958Z"}},{"x_adpType":"supplier","providerMetadata":{"orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP","dateUpdated":"2026-05-12T12:07:35.941Z"},"affected":[{"vendor":"Siemens","product":"SIMATIC CN 4100","versions":[{"status":"affected","version":"0","lessThan":"V5.0","versionType":"custom"}],"defaultStatus":"unknown"}],"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-032379.html"}]}]}}