
CVE-2025-22005: Vulnerability in Linux Linux

Medium
Published: Thu Apr 03 2025 (04/03/2025, 07:19:06 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw().

fib_check_nh_v6_gw() expects that fib6_nh_init() cleans up everything when it fails.

Commit 7dd73168e273 ("ipv6: Always allocate pcpu memory in a fib6_nh") moved fib_nh_common_init() before alloc_percpu_gfp() within fib6_nh_init() but forgot to add cleanup for fib6_nh->nh_common.nhc_pcpu_rth_output in case it fails to allocate fib6_nh->rt6i_pcpu, resulting in memleak.

Let's call fib_nh_common_release() and clear nhc_pcpu_rth_output in the error path.

Note that we can remove the fib6_nh_release() call in nh_create_ipv6() later in net-next.git.

AI-Powered Analysis

Last updated: 06/30/2025, 11:44:03 UTC

Technical Analysis

CVE-2025-22005 is a memory leak in the Linux kernel's IPv6 networking stack, reached through fib_check_nh_v6_gw(), the function that validates next-hop gateways for IPv6 routing. fib_check_nh_v6_gw() relies on fib6_nh_init() to clean up after itself when it fails. Commit 7dd73168e273 moved fib_nh_common_init() ahead of alloc_percpu_gfp() inside fib6_nh_init() but added no cleanup for nhc_pcpu_rth_output on the path where the rt6i_pcpu allocation fails, so the per-CPU memory that was already allocated is never freed.

The leak does not directly lead to remote code execution or privilege escalation, but it can cause gradual resource exhaustion on affected systems, potentially degrading network stack performance or causing denial of service over time. Linux kernel versions containing the specified commit and related code paths are affected. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The fix calls fib_nh_common_release() and clears nhc_pcpu_rth_output in the error path, so nothing is leaked when IPv6 next-hop initialization fails.
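The error-path pattern described above, reduced to a user-space C model (an added example, not kernel code and not taken from the patch). The model_* names, the 64-byte allocations and the fail_rt6i switch are assumptions standing in for the kernel's per-CPU allocations.

```c
/* User-space model, not kernel code; model_* names and sizes are assumptions. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

static int live_allocs; /* allocations not yet freed */
struct model_nh { void *nhc_pcpu_rth_output, *rt6i_pcpu; };

static void *model_alloc(bool fail)
{
    void *p = fail ? NULL : malloc(64);
    live_allocs += (p != NULL);
    return p;
}

/* Stand-in for fib_nh_common_release() plus clearing the pointer. */
static void model_common_release(struct model_nh *nh)
{
    free(nh->nhc_pcpu_rth_output);
    nh->nhc_pcpu_rth_output = NULL;
    live_allocs--;
}

/* Models fib6_nh_init(): fixed=false keeps the leak, fixed=true adds cleanup. */
static int model_nh_init(struct model_nh *nh, bool fixed, bool fail_rt6i)
{
    nh->nhc_pcpu_rth_output = model_alloc(false); /* fib_nh_common_init() */
    if (!nh->nhc_pcpu_rth_output)
        return -1;
    nh->rt6i_pcpu = model_alloc(fail_rt6i);        /* alloc_percpu_gfp() */
    if (!nh->rt6i_pcpu) {
        if (fixed)
            model_common_release(nh);
        return -1; /* caller assumes nothing is left allocated */
    }
    return 0;
}

/* Caller modelled on fib_check_nh_v6_gw(): no cleanup of its own on error. */
static int leak_count(bool fixed)
{
    struct model_nh nh = {0};
    live_allocs = 0;
    return model_nh_init(&nh, fixed, true) ? live_allocs : -1;
}

int main(void)
{
    printf("unfixed: %d leaked, fixed: %d\n", leak_count(false), leak_count(true));
}
```

Each failed initialization on the unfixed path strands one allocation, which is why the leak only becomes visible as slow growth when the failure repeats.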

Potential Impact

For European organizations relying heavily on Linux-based infrastructure, especially those operating IPv6-enabled networks, this vulnerability could lead to gradual memory exhaustion on critical network nodes such as routers, firewalls, and servers. Over time, this may degrade network performance or cause service interruptions, impacting availability. Organizations with large-scale deployments or high network traffic volumes are more susceptible to experiencing noticeable effects. While the vulnerability does not appear to allow direct remote exploitation or data compromise, the resulting denial of service conditions could disrupt business operations, particularly in sectors like telecommunications, finance, and critical infrastructure where uptime and network reliability are paramount. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to potential future exploitation or cascading failures under heavy load.

Mitigation Recommendations

European organizations should prioritize applying the official Linux kernel patches that address this memory leak as soon as they become available. Specifically, updating to kernel versions that include the fix for CVE-2025-22005 will ensure proper cleanup of per-CPU memory allocations during IPv6 next-hop initialization failures. Network administrators should monitor system memory usage and kernel logs for anomalies related to fib6_nh structures or IPv6 routing failures. Implementing proactive resource monitoring and alerting can help detect early signs of memory leaks. Additionally, organizations should conduct thorough testing of kernel updates in staging environments to verify stability and compatibility before deployment. For critical systems, consider deploying redundant network paths or failover mechanisms to mitigate potential service degradation during patching or in case of memory exhaustion. Maintaining an up-to-date inventory of Linux kernel versions in use across the organization will facilitate targeted patch management. Finally, engaging with Linux vendor support channels can provide timely information on patch availability and best practices.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-12-29T08:45:45.803Z
Cisa Enriched: false
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9833c4522896dcbe8ed7

Added to database: 5/21/2025, 9:09:07 AM

Last enriched: 6/30/2025, 11:44:03 AM

Last updated: 8/15/2025, 8:43:30 AM
