Impact
In the Linux kernel, the neigh_xmit routine incorrectly manages socket buffer (skb) ownership when a neighbor table is absent. When neigh_xmit is called without an initialized neighbor table, it returns an error and skips the code that would normally free or transmit the skb. Because callers ignore the return value, the skb can remain allocated, creating a memory leak. These missing releases can lead to kernel memory exhaustion and, eventually, a denial‑of‑service. This issue exemplifies a CWE‑772 Resource Leak vulnerability.
Affected Systems
It affects any Linux kernel build that has not yet applied the ownership change to neigh_xmit. All distributions based on the kernel source prior to the patch, including recent stable releases, are at risk. The issue is unrelated to specific network drivers, so any system using the default network stack could be impacted.
Risk and Exploitability
The CVSS score is 7.5, reflecting high severity. The EPSS value of < 1% indicates a very low likelihood of exploitation in the wild, and the vulnerability is not included in the CISA KEV catalog. An attacker would need to trigger neigh_xmit with an uninitialized neighbor table, which could be achieved by crafting particular MPLS packets, disabling IPv6, or manipulating netlink interfaces. If successful, the silent skb leak could accumulate over time, depleting system memory and causing kernel panics or hangs.
OpenCVE Enrichment
Debian DLA