In the Linux kernel, the following vulnerability has been resolved: net/handshake: restore destructor on submit failure handshake_req_submit() replaces sk->sk_destruct but never restores it when submission fails before the request is hashed. handshake_sk_destruct() then returns early and the original destructor never runs, leaking the socket. Restore sk_destruct on the error path.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2026012327-CVE-2025-71148-78e6@gregkh/T