CVE-2025-71148

local exploit require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = LowRanking def initialize(info = {}) super(update_info(info, 'Name' => 'CVE-2025-71148 - Linux kernel net/handshake Socket Leak', 'Description' => %q{ This module exploits a socket leak vulnerability in the Linux kernel's net/handshake module. The handshake_req_submit() function fails to restore sk->sk_destruct on submission failure. }, 'Author' => 'Metasploit', 'References' => [['CVE', 'CVE-2025-71148']], 'Platform' => 'linux', 'Arch' => ARCH_X86_64, 'Targets' => [['Linux x86_64', {}]], 'DefaultOptions' => {'WfsDelay' => 10} )) end def exploit print_good('Triggering socket leak vulnerability...') # Socket leak trigger code would go here end end

{"cve": {"id": "CVE-2025-71148", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2026-01-23T15:16:05.503", "lastModified": "2026-02-26T20:27:18.760", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/handshake: restore destructor on submit failure\n\nhandshake_req_submit() replaces sk->sk_destruct but never restores it when\nsubmission fails before the request is hashed. handshake_sk_destruct() then\nreturns early and the original destructor never runs, leaking the socket.\nRestore sk_destruct on the error path."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnet/handshake: restaurar destructor en fallo de envío\n\nhandshake_req_submit() reemplaza sk-&gt;sk_destruct pero nunca lo restaura cuando el envío falla antes de que la solicitud sea hasheada. handshake_sk_destruct() entonces retorna prematuramente y el destructor original nunca se ejecuta, fugando el socket. Restaurar sk_destruct en la ruta de error."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 3.3, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.6.120", "matchCriteriaId": "018C9061-0688-4D2B-9AE9-12A977F721C7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.12.64", "matchCriteriaId": "32BF4A52-377C-44ED-B5E6-7EA5D896E98B"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13", "versionEndExcluding": "6.18.3", "matchCriteriaId": "2DC484D8-FB4F-4112-900F-AE333B6FE7A7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/6af2a01d65f89e73c1cbb9267f8880d83a88cee4", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/7b82a1d6ae869533d8bdb0282a3a78faed8e63dd", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/b225325be7b247c7268e65eea6090db1fc786d1f", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/cd8cf2be3717137554744233fda051ffc09d1d44", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}]}}