DEBIAN-CVE-2025-39852

Source
https://security-tracker.debian.org/tracker/CVE-2025-39852
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-39852.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-39852
Upstream
Published
2025-09-19T16:15:44Z
Modified
2025-09-30T05:20:54.815300Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6

When tcp_ao_copy_all_matching() fails in tcp_v6_syn_recv_sock() it just exits the function. This ends up causing a memory-leak:

    unreferenced object 0xffff0000281a8200 (size 2496):
      comm "softirq", pid 0, jiffies 4295174684
      hex dump (first 32 bytes):
        7f 00 00 06 7f 00 00 06 00 00 00 00 cb a8 88 13  ................
        0a 00 03 61 00 00 00 00 00 00 00 00 00 00 00 00  ...a............
      backtrace (crc 5ebdbe15):
        kmemleak_alloc+0x44/0xe0
        kmem_cache_alloc_noprof+0x248/0x470
        sk_prot_alloc+0x48/0x120
        sk_clone_lock+0x38/0x3b0
        inet_csk_clone_lock+0x34/0x150
        tcp_create_openreq_child+0x3c/0x4a8
        tcp_v6_syn_recv_sock+0x1c0/0x620
        tcp_check_req+0x588/0x790
        tcp_v6_rcv+0x5d0/0xc18
        ip6_protocol_deliver_rcu+0x2d8/0x4c0
        ip6_input_finish+0x74/0x148
        ip6_input+0x50/0x118
        ip6_sublist_rcv+0x2fc/0x3b0
        ipv6_list_rcv+0x114/0x170
        __netif_receive_skb_list_core+0x16c/0x200
        netif_receive_skb_list_internal+0x1f0/0x2d0

This is because in tcp_v6_syn_recv_sock (and the IPv4 counterpart), when exiting upon error, inet_csk_prepare_forced_close() and tcp_done() need to be called. They make sure the newsk will end up being correctly free'd.

tcp_v4_syn_recv_sock() makes this very clear by having the put_and_exit label that takes care of things. So, this patch here makes sure tcp_v4_syn_recv_sock and tcp_v6_syn_recv_sock have similar error-handling and thus fixes the leak for TCP-AO.

References

Affected packages

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.12.48-1

Affected versions

6.*

6.12.38-1
6.12.41-1
6.12.43-1~bpo12+1
6.12.43-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.16.6-1

Affected versions

6.*

6.12.38-1
6.12.41-1
6.12.43-1~bpo12+1
6.12.43-1
6.12.48-1
6.13~rc6-1~exp1
6.13~rc7-1~exp1
6.13.2-1~exp1
6.13.3-1~exp1
6.13.4-1~exp1
6.13.5-1~exp1
6.13.6-1~exp1
6.13.7-1~exp1
6.13.8-1~exp1
6.13.9-1~exp1
6.13.10-1~exp1
6.13.11-1~exp1
6.14.3-1~exp1
6.14.5-1~exp1
6.14.6-1~exp1
6.15~rc7-1~exp1
6.15-1~exp1
6.15.1-1~exp1
6.15.2-1~exp1
6.15.3-1~exp1
6.15.4-1~exp1
6.15.5-1~exp1
6.15.6-1~exp1
6.16~rc7-1~exp1
6.16-1~exp1
6.16.1-1~exp1
6.16.3-1~bpo13+1
6.16.3-1
6.16.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}