CVE-2025-22058: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-22058 is a memory accounting leak vulnerability discovered in the Linux kernel's UDP implementation. The vulnerability was reported by Matt Dowling and disclosed on April 16, 2025. The issue affects the Linux kernel's UDP memory management system, specifically in how it handles memory accounting when UDP sockets are closed (NVD, Debian Tracker).

The vulnerability stems from an integer overflow in the udp_rmem_release() function. When a socket is closed, udp_destruct_common() calculates the total size of the receive queue using an unsigned integer, but passes it to udp_rmem_release() which takes a signed integer argument. This causes the total size to wrap around, leading to an overflow. The issue manifests when an application sets INT_MAX to SO_RCVBUF, causing the UDP memory usage to spike to 524,288 pages and double when the application is terminated (Red Hat CVE).

The vulnerability results in incorrect memory accounting, causing UDP memory usage to spike and never drop, eventually doubling when applications are terminated. This leads to memory allocation failures when a socket's sk_rmem_alloc exceeds net.ipv4.udp_rmem_min, resulting in packet drops. The issue affects system stability and network performance (Red Hat CVE).

The issue has been fixed in Linux kernel version 6.12.25-1. The fix involves using unsigned int for the calculation and calling sk_forward_alloc_add() only once for the small delta. Various Linux distributions have released or are in the process of releasing patches, including Debian which has fixed the issue in version 6.12.25-1 (Debian Tracker).