CVE-2025-68787

In the Linux kernel, the following vulnerability has been resolved:

netrom: Fix memory leak in nr_sendmsg()

syzbot reported a memory leak [1].

When function sockallocsendskb() return NULL in nroutput(), the original skb is not freed, which was allocated in nr_sendmsg(). Fix this by freeing it before return.

[1] BUG: memory leak unreferenced object 0xffff888129f35500 (size 240): comm "syz.0.17", pid 6119, jiffies 4294944652 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 10 52 28 81 88 ff ff ..........R(.... backtrace (crc 1456a3e4): kmemleakallocrecursive include/linux/kmemleak.h:44 [inline] slabpostallochook mm/slub.c:4983 [inline] slaballocnode mm/slub.c:5288 [inline] kmemcacheallocnode_noprof+0x36f/0x5e0 mm/slub.c:5340 __allocskb+0x203/0x240 net/core/skbuff.c:660 allocskb include/linux/skbuff.h:1383 [inline] allocskbwithfrags+0x69/0x3f0 net/core/skbuff.c:6671 sockallocsendpskb+0x379/0x3e0 net/core/sock.c:2965 sockallocsendskb include/net/sock.h:1859 [inline] nrsendmsg+0x287/0x450 net/netrom/afnetrom.c:1105 socksendmsg_nosec net/socket.c:727 [inline] __socksendmsg net/socket.c:742 [inline] sockwriteiter+0x293/0x2a0 net/socket.c:1195 newsyncwrite fs/readwrite.c:593 [inline] vfswrite+0x45d/0x710 fs/readwrite.c:686 ksyswrite+0x143/0x170 fs/readwrite.c:738 dosyscallx64 arch/x86/entry/syscall64.c:63 [inline] dosyscall64+0xa4/0xfa0 arch/x86/entry/syscall64.c:94 entrySYSCALL64afterhwframe+0x77/0x7f