CVE-2026-46322
Linux · Kernel
A memory leak in the Linux kernel's tun driver on `build_skb()` failure can be abused for denial of service.
Executive summary
A failure to properly handle memory in the Linux kernel's tun driver creates a memory leak vulnerability that threatens system availability.
Vulnerability
This vulnerability resides in the `tun_xdp_one()` function, where a failure in `build_skb()` results in an error path that skips freeing an allocated memory page. Repeated triggering of this failure leads to memory exhaustion and system instability.
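As an added illustration, not the kernel's own code and not the vendor patch, the following hypothetical C model contrasts the two shapes of the error path: a handler that returns on `build_skb()` failure without releasing the page it allocated, and one that releases the page before returning. All `_model` helpers, the two handlers and the fault-injection flag are assumptions of the model; a page counter stands in for what a memory-leak detector would observe.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical model of the error path, not the kernel's tun driver. */
static int pages_outstanding;   /* pages allocated but never freed */
static bool fail_build_skb;     /* fault injection: make build_skb fail */
struct page { int unused; };
struct sk_buff { struct page *frag; };
/* Stand-ins for the page allocator (model names, not kernel symbols). */
static struct page *alloc_page_model(void) {
    struct page *p = malloc(sizeof *p);
    if (p) pages_outstanding++;
    return p;
}
static void put_page_model(struct page *p) { free(p); pages_outstanding--; }
/* Stand-in for build_skb(): wraps the page in an skb, or fails. */
static struct sk_buff *build_skb_model(struct page *p) {
    if (fail_build_skb) return NULL;
    struct sk_buff *skb = malloc(sizeof *skb);
    if (skb) skb->frag = p;
    return skb;
}
/* On the normal path, consuming the skb releases its page with it. */
static void consume_skb_model(struct sk_buff *skb) { put_page_model(skb->frag); free(skb); }
/* Vulnerable shape: the build_skb() failure path drops the page. */
static int xdp_one_leaky(void) {
    struct page *p = alloc_page_model();
    if (!p) return -1;
    struct sk_buff *skb = build_skb_model(p);
    if (!skb) return -1;          /* BUG: p is never released */
    consume_skb_model(skb);
    return 0;
}
/* Fixed shape: release the page before returning the error. */
static int xdp_one_fixed(void) {
    struct page *p = alloc_page_model();
    if (!p) return -1;
    struct sk_buff *skb = build_skb_model(p);
    if (!skb) { put_page_model(p); return -1; }
    consume_skb_model(skb);
    return 0;
}
/* Feed n packets while build_skb() fails; return pages still outstanding. */
static int leaked_after(int (*handler)(void), int n) {
    pages_outstanding = 0;
    fail_build_skb = true;
    for (int i = 0; i < n; i++) handler();
    fail_build_skb = false;
    return pages_outstanding;
}
```

Each failed packet through the leaky handler leaves one page outstanding, which is the growth pattern the monitoring step under Remediation is looking for.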
Business impact
With a CVSS score of 7.1, this vulnerability presents a significant risk to the availability of Linux-based systems. Memory exhaustion attacks can be difficult to diagnose, and their impact on system performance can lead to widespread service disruption across the affected infrastructure.
Remediation
Immediate Action: Apply the vendor-provided kernel patch that ensures memory pages are freed appropriately when an error occurs in the `tun_xdp_one()` function.
Proactive Monitoring: Use system monitoring tools to track memory allocation patterns, specifically looking for leaks associated with network driver error paths.
Compensating Controls: Restrict access to tun/tap device management to privileged users only to minimize the risk of an attacker intentionally triggering this error path.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Security teams should prioritize this patch alongside other kernel updates. Ensuring that error-handling paths within the Linux kernel are secure is vital for maintaining the resilience of network-intensive systems against denial-of-service attacks.