CVE-2025-68245: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, the following vulnerability has been resolved:

net: netpoll: fix incorrect refcount handling causing incorrect cleanup

commit efa95b01da18 ("netpoll: fix use after free") incorrectly ignored the refcount and prematurely set dev->npinfo to NULL during netpoll cleanup, leading to improper behavior and memory leaks.

Scenario causing lack of proper cleanup:

1. A netpoll is associated with a NIC (e.g., eth0) and netdev->npinfo is allocated, and refcnt = 1
   • Keep in mind that npinfo is shared among all netpoll instances. In this case, there is just one.
2. Another netpoll is also associated with the same NIC and npinfo->refcnt += 1.
   • Now dev->npinfo->refcnt = 2;
   • There is just one npinfo associated to the netdev.
3. When the first netpolls goes to clean up:
   • The first cleanup succeeds and clears np->dev->npinfo, ignoring refcnt.
     • It basically calls RCU_INIT_POINTER(np->dev->npinfo, NULL);
   • Set dev->npinfo = NULL, without proper cleanup
   • No ->ndo_netpoll_cleanup() is either called
4. Now the second target tries to clean up
   • The second cleanup fails because np->dev->npinfo is already NULL.
     • In this case, ops->ndo_netpoll_cleanup() was never called, and the skb pool is not cleaned as well (for the second netpoll instance)
       • This leaks npinfo and skbpool skbs, which is clearly reported by kmemleak. Revert commit efa95b01da18 ("netpoll: fix use after free") and adds clarifying comments emphasizing that npinfo cleanup should only happen once the refcount reaches zero, ensuring stable and correct netpoll behavior.