Impact
A fault in the Linux kernel’s TLS offload subsystem causes an anchor socket buffer (skb) to remain allocated when a receive offload setup fails. The error path in tls_set_device_offload_rx() fails to free the skb that allocates in tls_strp_init(), resulting in a memory leak that can accumulate during repeated failures.
Affected Systems
All Linux kernel builds that include the TLS offload feature without the commit that releases the anchor skb are affected. This includes generic Linux kernel releases prior to the patch that removed the skb allocation in the offload error path.
Risk and Exploitability
The CVSS score of 7.5 reflects a high severity, and the EPSS score is below 1%, indicating a very low likelihood of active exploitation. The leak does not provide code execution or direct network intrusion, but an attacker who can repeatedly trigger offload failures could exhaust kernel memory or degrade system performance, possibly leading to a denial of service. The vulnerability is not listed in CISA’s KEV catalog.
OpenCVE Enrichment
Debian DLA